Alleged Russian involvement after hackers threatened to release masses of personal data within 24 hours

Australians are on high alert after a hacking syndicate threatened to release the details of nearly 10 million individuals following a massive data breach at Medibank, Australia’s largest private health insurer.

The threat has been identified by the Malware Hunter Team, a group of cybersecurity experts. cybercintoWhen cybernow It was reposted on Twitter and is said to have been posted on the REvil ransomware dark website (the group is also known as Ransomware Evil or BlogXX).

Hackers threatened to start leaking information within the next 24 hours while suggesting that shareholders begin selling Medibank shares.

BlogXX ransomware gang listed Medibank on leak site…
“P.S. I recommend selling your Medibank shares.”

—MalwareHunterTeam (@malwrhunterteam) November 7, 2022

Medibank apologizes

and media update Medibank CEO David Koczkar on Tuesday called the news “tragic.”

“Customers must remain vigilant. We knew criminals could expose data online, but the threat of criminals remains a devastating development for our customers,” said Koczkar. increase.

“We sincerely apologize to our customers. We take our responsibility to protect and support our customers seriously. It is an attack on

Insurers are also asking customers to report if they are contacted by an individual claiming to have their data, or if they are the victim of cybercrime, on ReportCyber ​​on the Australian Cyber ​​Security Center website. advised.

Medibank warned that hackers would need access to names, dates of birth, addresses, Medicare numbers, phone numbers, and email addresses of about 9.7 million current and former customers. million international customers.

In addition, 160,000 Medibank, 300,000 ahm, and 20,000 international customer health insurance claims data were also compromised. Some customers were receiving medical services such as diagnosis and treatment.

Meanwhile, credit card and bank details, as well as data on dental, physical therapy, ophthalmology and psychology health claims, were not compromised, the company said.

The Australian Labor Government is the country’s emergency mechanism Domestic coordination mechanismto help deal with hacks.

Originally designed to deal with the pandemic, the mechanism will allow the government to bring together Australian government, state, territory and private sector agencies to help coordinate the response.

Minister upholds decision not to pay ransom

Cybersecurity Minister Claire O’Neill said she supported Medibank’s decision not to pay the ransom and said it would encourage further action.

and thread O’Neill said on Twitter that Medibank’s actions were consistent with the advice of the Australian government.

“Cybercriminals cheat, lie and steal. Paying them only fuels the ransomware business model,” she said. “They promise to take action in return for payment, but often again at the expense of businesses and individuals.”

O’Neill said he wants Australia to be the most “cyber-safe country” and paying the ransom would undermine that goal.

Further Allegations of Russian Syndicate Links

Cybersecurity analysts point to some parallels between the group’s actions and known Russian hacking syndicates.

Emsisoft threat analyst Brett Callow said the meme used in the initial ransom message was previously posted on Twitter by the group @Cyberknow20.

Additionally, the ransomware also had links to BlogXX sites. The site is also associated with the famous Russian syndicate REvil. Federal Security Service of Russia.

the group is believed to have reformed About BlogXX ransomware.

Victoria Kelly-Clark


Victoria Kelly-Clark is an Australia-based reporter focusing on the national politics and geopolitical environment in the Asia-Pacific region, the Middle East and Central Asia.