Breach Notification , Fraud Management & Cybercrime , Ransomware
Australia Blames Russian Hackers for Medibank HackAustralian PM Says Russia Should 'Be Held Accountable' for Data Leaks
Australian police say a group of loosely affiliated cybercriminals based in Russia are likely responsible for hacking Medibank, the country's largest private health insurer.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Australian Federal Police Commissioner Reece Kershaw told reporters this afternoon that authorities believe they've identified the individual perpetrators and intend to hold talks with Russian law enforcement about them.
"This cyberattack is an unacceptable attack on Australia, and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing," Kershaw said. The AFP is undertaking covert measures and working around the clock with our domestic agencies and our international networks, including Interpol."
The hackers may be a relaunch of the REvil extortion gang or something else known as BlogXX (see: Who Is Extorting Australian Health Insurer Medibank?).
The hackers have started leaking data, including a spreadsheet titled "Boozy.csv" and another titled "abortions.csv." They earlier posted data samples sorted into "naughty-list" and "good-list." The latter contained names linked to diagnosis codes for medical issues such as opioid addiction.
Kershaw's comments came after Australian Prime Minister Anthony Albanese told reporters that "the nation where these attacks are coming from should also be held accountable for the disgusting attacks and the release of information including very private and personal information."
"We know where they're coming from, we know who is responsible, and we say that they should be held to account,” Albanese said. He earlier told reporters that, as a Medibank customer, his personal information may be included in the breach. There is no indication that his data has leaked online.
Medibank said Monday it would not pay the hackers' ransom demand, telling the 9.7 million individuals whose data has been caught up in the incident that the chances of extortionists actually returning their data was "limited."
The total number of affected individuals breaks down to 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers who need private health insurance while residing or studying in Australia.
Contained within those totals are health claims data for 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. That data includes codes associated with diagnoses and procedures.
The hackers said their initial demand was for $10 million but that they're willing to lower it to $9.7 million, or $1 for each record. Medibank CEO David Koczkar has said that actual dollar figure is "irrelevant."
Australian police say they will take "swift action" against anyone exploiting the leaked Medibank data.