Australian police announced on Friday that Russian hackers were behind the cyberattack on Australian insurance giant Medibank, which affected 9.7 million people including the prime minister.
• Read also: Cyberattack in Australia: hackers claim ten million dollars
Medibank, one of the country’s largest private health insurance companies, admitted this week that hackers had been able to access the personal data of 9.7 million former and current policyholders.
Australian Federal Police Commissioner Reece Kershaw blamed the attack on Russia-based “cybercriminals”.
“We believe those responsible for the leaks are in Russia,” he told reporters.
“Our intelligence shows a loosely affiliated group of cybercriminals who are likely responsible for significant prior breaches around the world,” he added.
After posting a first “sample” of the stolen data given on Wednesday, the hackers posted a second on Thursday on a dark web forum – which cannot be found using regular browsers.
They contained particularly personal information about hundreds of people.
The first data disclosed appears to have been selected to cause significant harm, targeting people being treated for drug addiction, sexually transmitted infections or pregnancy terminations.
The hackers demanded a ransom of 10 million US dollars on Thursday. “We can make a discount (…) 1 dollar = 1 customer”, they specified on this forum. The insurer has so far refused to pay.
Mr Kershaw said Australian police would seek help from their Russian counterparts.
“We are going to have discussions with Russian law enforcement about these people,” he said.
“We know who you are”
Mr Kershaw said he knew the names of the hackers but refused to divulge them. Cybersecurity analysts have suggested the attack had some characteristics associated with a Russian hacker group called REvil, which has previously targeted Brazilian meat giant JBS and pop star Lady Gaga, among others.
The group was reportedly dismantled by Russian authorities earlier this year after extracting an $11 million ransom from JBS Foods.
Mr Kershaw said Australian police were taking ‘covert steps’ to bring the hackers to justice.
“We know who you are,” he told criminals.
“The Australian Federal Police have in the past scored a few points when it comes to bringing foreign offenders back to Australia for justice,” he said.
Home Secretary Clare O’Neil said on Thursday night that the “smartest and strongest” people in the country were hunting down hackers.
In a mocking response posted on the dark web, the hackers said, “We always keep our word.”
“We should release this data, because no one will believe us in the future,” the hackers promised.
“Good” and “Naughty”
The group responsible for this computer attack appears to be putting pressure on Medibank by searching the insurer’s files for personal information that could cause the most harm possible.
Within the first leaked data, the victims were split into a list of “good guys” and “bad guys.”
Several people on the “villains” list were associated with numerical codes linking them to drug addiction, alcoholism and HIV.
For example, a file contained the indication “p_diag: F122”. F122 is the code for “cannabis dependence” according to the International Classification of Diseases published by the World Health Organization.
Names, passport numbers, dates of birth and addresses were also included in this data.
Australian Home Secretary Clare O’Neil has called these hackers “sleazy criminals”.