Australia blames cyber criminals in Russia for Medibank data breach
On Friday, the Australian Federal Police revealed that Russian cyber criminals were behind a ransomware attack on one of Australia’s top health insurers. The malicious incident compromised sensitive personal data and exposed it to the shadows of cyberspace—the dark web.
At a highly anticipated press conference, Commissioner Kershaw confirmed that the individuals behind Medibank’s attack were known to investigators. However, in order to protect the integrity of their investigation and ensure due process was followed, he declined to identify them at this time.
The AFP is taking aggressive action to bring the perpetrators of this breach to justice. We are calling upon our extensive domestic and international networks, including Interpol, who we believe can help us trace those responsible back in Russia.
Medibank, one of Australia’s largest health insurers, has recently been affected by a data breach. The scale? An impressive 9.7 million past and present customers have had their personal information stolen, including 1.8 international individuals – not to mention the 500k+ additional whose medical claims were taken too. This is particularly alarming as it includes 20,000 people outside of our borders who are also vulnerable to malicious attack due to this security issue.
This week, the group launched an unprecedented data dump to the dark web. The selections contained within these files revealed a startling truth: those who sought aid for alcohol dependency or had abortions could find their names on subversive ‘good’ and ‘naughty’ lists.
According to Kershaw, a collective of cyber criminals is suspected of causing some major data breaches on a global scale. With their insidious tactics and resourcefulness, these actors have demonstrated an aptitude for infiltrating organizations in pursuit of confidential information.
Kershaw reported that the cyber criminals at the centre of this investigation are operating in a smart and calculated way, with affiliates and associates distributed across several countries. Due to the sensitive nature of the inquiry, no questions were taken from the press at this time.
Russian Hackers are Linked to this Act
Cyber criminals linked to the notorious Russian ransomware gang REvil have been identified as responsible for a surge of recent threats on U.S. targets and beyond, including last year’s attack against global meat supplier JBS Foods.
In a devastating move, an attack by the notorious cybercrime group REvil caused the shutdown of a major American beef processing company last year. After the company paid out $11 million in ransom fees, the US State Department took action and offered up to $10 million for any information that could lead to identifying or locating key leaders behind this criminal organization.
Eight suspected members of the notorious REvil ransomware gang have been apprehended by Russian authorities in response to a plea from US intelligence. This major operation, conducted in mid-January, was reported on by TASS, Russia’s state news agency.
A Moscow court charged two individuals with “illegal circulation of payments,” an offense punishable by up to seven years in prison, according to TASS.
In March, a US Justice Department statement announced the extradition of Yaroslav Vasinskyi, an alleged Ukrainian national and chief suspect linked to a cyberattack on American software vendor Kaseya. He will now stand trial in the United States.
Professor Jeffrey Foster of Macquarie University’s Cyber Security Studies department has identified a significant connection between the cybercriminal group suspected in the Medibank breach and the REvil network.
REvil’s dark web presence has been replaced with a website, which, according to Foster, is the only connection between them. As such, they are now actively monitoring their blog for further developments in this situation.
Despite asserting a decisive victory against REvil, Russia is yet to provide conclusive evidence of their success – leaving the future of the infamous cybercrime ring uncertain. Recent developments suggest that an individual with prior access may have redirected activity away from its traditional online channels – which requires considerable technical capability and insider knowledge. Whether or not this marks a resurgence for REvil remains unclear at present.
How it was Discovered
Medibank was the victim of a malicious data breach over one month ago in which criminal hackers targeted their Ahm Health Insurance and International Student systems, stealing personal information such as names, addresses and phone numbers. The theft also included claims related to procedures and diagnoses.
In a case of cybercrime ransom, the company initially faced demands for fifteen million Australian dollars. However, after consulting with experts and due diligence on their part, they managed to negotiate it down to nine point seven – meaning all customers affected were paid one dollar each.
Medibank declared that paying the ransom would merely provide a “limited chance” for their data to be kept secure and private.
On Friday, AFP Commissioner Kershaw took a firm stance on the issue of paying cyber criminals ransoms – condemning any action which would violate Australia’s current policy.
According to the expert, giving in to ransom demands of any kind only further perpetuates cybercrime by creating incentives for future attacks and putting other Australians in harm’s way.
Australian Interpol has mobilized their National Central Bureau in order to take direct legal action against the suspected individuals, delivering a solemn warning for them to stand accountable and face potential charges.
To the wrongdoers abroad, we have our eye on you. The Australian Federal Police has repeatedly succeeded in bringing those who evade justice back to Australia and ensuring they receive their due punishment.
Prime Minister Anthony Albanese has strongly condemned the malicious cyber attacks and implored that those responsible, without being identified directly, be held to account accordingly.
Minister Albanese has highlighted the responsibility of nations to be held accountable for malicious actions and violations such as releasing private information unlawfully. He considers these acts despicable, urging that accountability should not go unnoticed.
David Koczkar, CEO of Medibank, noted with concern on Friday that the perpetrators behind the security breach are brazenly revelling in their success. It appears they may be looking to prolong this situation by divulging additional information day-by-day.
This criminal’s tactic to cause distress and harm has been relentless, leaving those affected in a vulnerable state. Real people are behind this data which is being misused in a way that may prevent them from seeking medical attention – an action deplorable enough to incite serious concern.