Australians are on high alert after a hacking syndicate threatened to release the personal details of nearly 10 million individuals following a major data breach of the country’s largest private health insurer Medibank.
The threat, which the cyber security research accounts Malware Hunter Team, CyberThint, and CyberKnow reposted on Twitter, was alleged to have been posted on the dark web leak site of the REvil ransomware group, which is also known as Ransomware Evil or BlogXX.
Hackers threatened to begin leaking information in the next 24 hours while suggesting shareholders begin selling Medibank stocks.
The BlogXX ransomware gang just listed Medibank on their leak site…
“P.S I recommend to sell medibank stocks.”
— MalwareHunterTeam (@malwrhunterteam) November 7, 2022
Medibank Apologises
In a media update on Tuesday, Medibank CEO David Koczkar said the news was “distressing.”
“Customers should remain vigilant. We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Koczkar said.
“We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community.”
The insurer also advised customers to report to ReportCyber on the Australian Cyber Security Centre website if they are contacted by anyone claiming to have their data or if they become a victim of cybercrime.
In addition, health claims data for 160,000 Medibank, 300,000 ahm, and 20,000 international customers was also breached. For some of these customers the data covered medical services they had received, such as diagnoses and procedures.
Meanwhile, credit card and banking details, as well as data on health claims for dental, physiotherapy, optical, and psychology, were not breached, the company said.
The Australian Labor government has activated the country’s emergency mechanism, the National Coordination Mechanism, to help deal with the hack.
Originally designed to deal with the pandemic, the mechanism allows the government to bring together agencies across the Australian government, states and territories, and the private sector to help coordinate a response.
Minister Backs Decision Not to Pay Ransom
Cyber Security Minister Clare O’Neil has backed the decision by Medibank not to pay the ransom, saying that paying would only encourage further such behaviour.
In a thread on Twitter, O’Neil said Medibank’s actions were consistent with Australian government advice.
“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model,” she said. “They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.”
O’Neil said she wanted Australia to be the most “cyber-safe country,” and paying a ransom would undermine that goal.
Two weeks ago, I activated the National Coordination Mechanism, ensuring focus and collaboration across all levels of government and the private sector in our national response to the Medibank attack. This is a new model for addressing cyber incidents in Australia.
— Clare O’Neil MP (@ClareONeilMP) November 7, 2022
Further Suspicions of Russian Syndicate Links
Cybersecurity analysts have noted several coincidences between the actions of the group and known Russian hacking syndicates.
Brett Callow, threat analyst at Emsisoft, said a meme used in the initial ransom message was posted earlier by a group called @Cyberknow20 on Twitter.
Further, the ransom message had links to the BlogXX site, which is in turn connected to the known Russian syndicate REvil, allegedly dismantled earlier this year by the Russian Federal Security Service.
It is believed the group has reformed around BlogXX ransomware.
The URL for REvil’s old leak site now redirects to a new one, which lists both old and seemingly new victims. And they’re recruiting. h/t @pancak3lullz @S0ufi4n3 1/2
— Brett Callow (@BrettCallow) April 20, 2022