Australia blames Russian-linked ransomware gang for Medibank data breach

The content originally appeared on: CNN

Brisbane, Australia

Cyber criminals with links to Russia are behind a ransomware attack on one of Australia’s largest private health insurers that’s seen sensitive personal data published to the dark web, the Australian Federal Police (AFP) said Friday.

In a short press conference, AFP Commissioner Reece Kershaw told reporters investigators know the identity of the individuals responsible for the attack on health insurer Medibank, but he declined to name them.

“The AFP is undertaking covert measures and working around the clock with our domestic agencies and international networks including Interpol. This is important because we believe those responsible for the breach are in Russia,” he said.

Medibank says the stolen data belongs to 9.7 million past and present customers – more than a third of the Australian population – including around 20,000 international customers.

This week, the group started releasing curated tranches of customer data onto the dark web, in files with titles including good-list, naughty-list, abortions and boozy, which included those who sought help for alcohol dependency.

Earlier Friday, Australian Prime Minister Anthony Albanese said he was “disgusted” by the attacks and, without naming Russia, said the government of the country they come from should be held accountable.

“The nation where these attacks are coming from should also be held accountable for the disgusting attacks, and the release of information including very private and personal information,” Albanese said.

Medibank first detected unusual activity in its network almost a month ago. On October 20, the company issued a statement saying a “criminal” had stolen information from its ahm health insurance and international student systems, including names, addresses, phone numbers and some claims data for procedures and diagnoses.

A ransom demand was made, but the company said that, after extensive consultation with cybercrime experts, it had decided not to pay.

“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank said in a statement Monday.

In a statement Friday, Medibank CEO David Koczkar said it was clear the criminal gang behind the breach was “enjoying the notoriety,” and it was likely they would release more information each day.

“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” he said. “These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”