First published: 23 Dec 2021
Last updated: 23 Dec 2021

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Background / What has happened

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reports that ransomware groups, previously responsible for impacting Australian organisations, have been leveraging the Log4j vulnerability. For example, A ransomware profile of Conti is available.

If you were to suffer a ransomware attack, loss of any data could limit the ability for your business to conduct day-to-day activities, impact to your reputation and credibility, or risk losing customers. While you might think photos and other business documents are most important, it is worth considering other data that is critical to your business operations. If left unfixed, ransomware can cause severe damage. It can hurt your reputation, and cost you money.

Mitigation / How do I stay secure?

The ASD’s ACSC has published specific guidance on mitigating the Log4j vulnerability via an advisory and information on the risks, impacts and preventative actions associated with ransomware via an additional advisory.

The ASD’s ACSC continues to monitor the situation and work with our partners. On 23 December 2021 the ASD’s ACSC released a joint advisory to provide further mitigation guidance on addressing vulnerabilities in Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it