A ransomware group with suspected links to the infamous Russian-speaking REvil gang has threatened to release the private data of millions of Medibank customers after the Australian private health insurance company promised not to pay the ransom demanded by the cybercriminals.
Medibank, Australia’s largest health insurance provider, first disclosed a “cyber incident” on 13 October, saying it detected unusual activity on its network and took swift action to contain the incident. A few days later, the company said that customer data may have been taken.
In its latest update, Melbourne-based Medibank acknowledged that the attackers accessed the personal data of about 9.7 million customers, including names, dates of birth, email addresses and passport numbers.
Cybercriminals also obtained health claims information for nearly 500,000 customers, including the names and locations of service providers where customers received certain medical services, and codes related to tests and procedures. For 5,200 customers of Medibank’s My Home Hospital app, cybercriminals gained access to personal and health claims data and, for some, next-of-kin contact details.
Medibank CEO David Koczkar said that while the health insurance giant believes the attackers exfiltrated all the data they were able to access, the group will not pay the ransom demand.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance that paying the ransom will ensure the return of our customers’ data and prevent it from being published,” Koczkar said. The chief executive said making the payment could encourage hackers to adopt a triple-extortion strategy by attempting to extort customers directly.
Following Koczkar’s announcement, a ransomware gang believed to be a rebrand of the defunct REvil group threatened to leak the stolen Medibank data. The gang’s new dark web leak site, seen by Thealike, listed Medibank as one of its victims and stated that it would release the data publicly. The gang did not say how much data it exfiltrated from Medibank’s network, and did not share evidence of its claims.
The link between the new leak site and REvil, which went dark after US officials pushed the operation offline in October following the gang’s ransomware attacks against Colonial Pipeline, JBS Foods and US technology firm Kaseya, remains unclear. Emsisoft ransomware expert and threat analyst Brett Callow noted that the new operation uses a variant of REvil’s file-encrypting malware and that REvil’s previous website now redirects to the new leak site.
Medibank described the gang’s threat as an “annoying development” in a second update published on Tuesday, and urged customers to be vigilant with all online communications and transactions.
“We offer an unconditional apology to our customers. We take our responsibility to protect and support our customers seriously,” Koczkar said. “The weaponization of their personal information is malicious, and it affects the most vulnerable of our community. Members are under attack.”
Medibank said it is working with the Australian government, the Australian Cyber Security Centre and the Australian Federal Police to attempt to prevent the sharing and selling of customer data. News of the Medibank attack comes just weeks after Australia’s second-largest telco, Optus, was breached. Australian authorities have confirmed an upcoming legislative change that could see corporations that fail to adequately protect individuals’ data face fines of $50 million or more.