Canberra: Extortionists dumped stolen client records related to pregnancy terminations on the dark web on Thursday in their latest attempt to force Australia’s largest health insurer to pay a ransom.
Cybercriminals on Wednesday began dumping client records, including records of HIV and drug addiction treatment. Medibank this week refused to pay a ransom for the return of the hacked data.
The criminals, who used the name “Extortion Gang”, posted on Thursday that they demanded $9.7 million – $1 for each of the stolen 9.7 million current and former Medibank customer records.
Most concerning was the theft of health claims for about 500,000 customers, which include diagnoses and treatments.
Medibank CEO David Koczkar on Thursday condemned the release of the tranche of data as “embarrassing”.
“Weaponizing people’s private information in an attempt to extort payment is malicious and an attack on the most vulnerable members of our community,” Koczkar said in a statement.
Cyber Security Minister Clare O’Neil called the targeting of women terminating a pregnancy “morally reprehensible”.
“Yesterday, I signaled to Parliament that the consequences of the Medibank hack were likely to get worse, and today that fear has been realised,” O’Neil told Parliament.
“And I especially want to say to women whose private health information has been compromised overnight, as the cybersecurity minister, but more importantly, as a woman, this should not happen,” she added.
Medibank and government services stand ready to support all customers in need even in the event of a “big data dump,” O’Neil said.
Extortionists have warned that daily extortion will continue.
Cyber security expert and Medibank customer Nigel Phair spoke of his frustration at not knowing how much of his personal data had been stolen.
“You don’t know what’s missing from your own details: is it your name, is it your date of birth, is it your address, is it all and more?” Phair told the Australian Broadcasting Corp.
Medibank failed to properly address basic risk management questions about what data was stored, where it was stored, who had access and how that data was accessed, Phair said.
“If they had done it competently beforehand, and put the proper controls (in place), this would not have happened,” Phair said.
The extortionists are linked to the high-profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.
The Russian Federal Security Service said in January that REvil had “ceased to exist” after several arrests were made at the behest of the United States.
Troy Hunt, founder of the “Have I Been Pwned?” website, a service that enables users to check whether their personal details were exposed in a data breach, said it was not clear how REvil was involved.
An old REvil dark web site began redirecting traffic to a new site that hosted the stolen Medibank data, Hunt said.
REvil could have rebranded as BlogXX, the name by which the Medibank hackers are increasingly known in cyber security circles, or former REvil operatives could have found a new home.
“The reality is, it’s like any job — people come and go,” Hunt said.
Conversations between the hackers and Medibank that have been published along with the data dumps show that the operation was initially intended as a ransomware attack, which would have denied Medibank access to its own customer records and increased pressure to find a speedy resolution.
But the hackers said they were running out of time to encrypt Medibank’s systems with ransomware, so they fell back on plans to monetize the data already stolen.