Ransomware gang threatens to publish millions of Australians' health data • TechCrunch


A ransomware group with suspected links to the notorious Russian-speaking REvil gang has threatened to release the personal information of millions of Medibank customers after the Australian private health insurance giant pledged it would not pay the cybercriminals' ransom demand.

Medibank, Australia's largest health insurance provider, first disclosed a "cyber incident" on October 13, saying at the time that it had detected unusual activity on its network and had taken immediate steps to contain the incident. Days later, the company said that customer data might have been exfiltrated.

In an update posted this week, the Melbourne-based Medibank admitted that the attackers accessed roughly 9.7 million customers' personal information, including names, dates of birth, email addresses, and passport numbers.

The cybercriminals also accessed health claims data for almost 500,000 customers, including service provider names and locations, where customers received certain medical services, and codes associated with diagnoses and procedures administered. For 5,200 users of Medibank's My Home Hospital app, the cybercriminals accessed some personal and health claims data and, for some, next of kin contact details.

Medibank CEO David Koczkar said that while the health insurance giant believes the attackers likely exfiltrated all of the data they were able to access, the company would not pay the ransom demand.

"Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Koczkar said. The chief executive added that paying could even encourage the hackers to adopt a triple-extortion tactic by attempting to extort customers directly.

Following Koczkar's announcement, a ransomware gang believed to be a rebrand of the defunct REvil group threatened to leak the stolen Medibank data. The new dark web leak site, seen by TechCrunch, listed Medibank as one of its victims and said it planned to release the exfiltrated data publicly. The gang did not say how much data it exfiltrated from Medibank's network, and did not share proof of its claims.

The links between the new leak site and REvil, which went dark after U.S. authorities pushed the operation offline in October 2021 following the gang's ransomware attacks against JBS Foods and U.S. technology firm Kaseya, remain unclear. Brett Callow, a ransomware expert and threat analyst at Emsisoft, said that the new operation uses a variant of REvil's file-encrypting malware and that REvil's old website now redirects to the new leak site.

Medibank described the gang's threats as a "distressing development" in a second update published on Tuesday, and urged customers to be vigilant with all online communications and transactions.

"We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them," said Koczkar. "The weaponisation of their private information is malicious, and it's an attack on the most vulnerable members of our community."

Medibank added that it is working with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police, in an effort to prevent the sharing and sale of customer data. News of the Medibank attack comes just weeks after Australia's second largest telco, Optus, was breached. The Australian government has confirmed an upcoming legislative change that could see companies that fail to adequately protect people's data face fines of $50 million or more.
