Australian wool sales stopped by ransomware attack

Wool sales across Australia have been halted after Talman, a major software supplier to the industry, was hit by a ransomware attack that encrypted its production databases.

Talman Group’s CEO Dr Pramod Pandey confirmed the attack to iTnews and said he was in regular contact with the Australian wool industry on the company’s recovery efforts.

On its website, the company says “more than 75 percent of the wool industry in Australia and New Zealand uses” its software for “public and private auctions, private sales, delivery, dumping and local or overseas processing”.

Wool sales across Australia have had to be rescheduled while the critical software remains offline.

Live numbers from the Australian Wool Exchange (AWEX) shows no wool bales being sold.

Wool industry executives reached by iTnews could not immediately comment as they met on what to do about planned sales and auctions. Industry publication Sheep Central said a decision was due at 2pm today.

Dr Pandey said Talman is in the process of standing up its systems on entirely new infrastructure.

“We had the attack and we are bringing the service online, so it's all under control now,” he said.

“[The attackers] encrypted certain database files, so that makes the whole system inoperative. 

“Instead of trying to reinstate our backup [on the existing infrastructure] … we started resurrecting it [on] new infrastructure. 

“In other words we moved it to a different data centre altogether for the time being, before we get into the investigation of what actually happened.”

Dr Pandey said the company had not wanted to take a further risk by cleansing its existing hardware.

“It’s critical software for the industry, and at this stage, cost has not been the consideration,” he said.

The company had not notified the Australian Cyber Security Centre (ACSC) or other authorities of the attack, with Dr Pandey saying he would leave that to Talman’s insurers.

“We [will] hand this over to our insurer, and they [will] take care of this part of it,” he said.

“Our insurer has got better resources. 

“Right now, there is nothing in front of me except in getting the service [back] online.”

Dr Pandey said that the ransomwared infrastructure was effectively preserved for investigation.

“All the evidence, if you want to call it, the scene of crime and so on is there,” he said.

“Nothing has disappeared.

“I took the decision that it is better handed over to the insurer, and they have the team and they are the one who will take care of it from this point onwards.”