Suspicions of Russian Involvement After Hackers Threaten to Release Huge Troves of Personal Data in 24 Hours

Suspicions of Russian Involvement After Hackers Threaten to Release Huge Troves of Personal Data in 24 Hours
An engineering student takes part in a hacking challenge near Paris on March 16, 2013. (AFP via Getty Images/Thomas Samson)
11/7/2022
Updated:
11/7/2022

Australians are on high alert after a hacking syndicate threatened to release the personal details of nearly 10 million individuals following a major data breach of the country’s largest private health insurer Medibank.

The threat, which cyber security specialist groups Malware Hunter Team, CyberThint, and CyberKnow reposted on Twitter, was alleged to have been posted on the REvil ransomware’s dark web site—the group is also known as Ransomware Evil or BlogXX.

Hackers threatened to begin leaking information in the next 24 hours while suggesting shareholders begin selling Medibank stocks.

Medibank Apologises

In a media update on Tuesday, Medibank CEO David Koczkar said the news was “distressing.”

“Customers should remain vigilant. We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Koczkar said.

“We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community.”

The insurer also advised any customer, if they were contacted by an individual who claims to have their data or if they become a victim of cybercrime, to report it at ReportCyber on the Australian Cyber Security Centre website.
Medibank has warned customers the hackers have to access names, birth dates, addresses, Medicare numbers, phone numbers, and the email addresses of around 9.7 million current and former customers, including 5.1 million Medibank customers, 2.8 million ahm health insurance customers, and 1.8 million international customers.

In addition, the health claims data for 160,000 Medibank, 300,000 ahm, and 20,000 international customers were also breached. Some customers were receiving medical services such as diagnosis and procedures.

Meanwhile, credit card and banking details, as well as data on health claims for dental, physiotherapy, optical, and psychology, were not breached, the company said.

The Australian Labor government has activated the country’s emergency mechanism, the National Coordination Mechanism, to help deal with the hack.

Originally designed to deal with the pandemic, the mechanism allows the government to bring together agencies across the Australian government, states and territories, and the private sector to help coordinate a response.

Minister Backs Decision Not to Pay Ransom

Cyber Security Minister Clare O'Neil has backed the decision by Medibank not to pay the ransom, saying it will encourage further behaviour.
In a thread on Twitter, O'Neil said Medibank’s actions were consistent with Australian government advice.

“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model,” she said. “They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.”

O'Neill said she wanted Australia to be the most “cyber-safe country,” and paying a ransom would undermine that goal.

Further Suspicions of Russian Syndicate Links

Cybersecurity analysts have noted several coincidences between the actions of the group and known Russian hacking syndicates.

Brett Callow, threat analyst at Emsisoft, said a meme used in the initial ransom message was posted earlier by a group called @Cyberknow20 on Twitter.

Further, the ransomware also had links to the BlogXX site, which is also connected to known Russian syndicate REvil, which was allegedly dismantled earlier this year by the Russian Federal Security Service.
It is believed the group has reformed around BlogXX ransomware.
Victoria Kelly-Clark is an Australian based reporter who focuses on national politics and the geopolitical environment in the Asia-pacific region, the Middle East and Central Asia.
twitter
Related Topics