A threat to release 200GB worth of data stolen from Australian health insurance company Medibank has been posted to a site backed by Russian ransomware group, REvil.
The threat comes after Medibank made a public statement that it would not be paying the ransom demanded by the hacker.
In the message, the supposed hacker quotes Confuscious, implying Medibank is making a “mistake” by not paying the ransom. The malicious actor then said that they would release the data within the next 24 hours, and advised readers to “sell Medibank stock”.
#revil #ransomware has posted a warning to #medibank on their leak site, with plans to leak data in the next 24 hours. Thanks @AlvieriD
They have also ‘borrowed’ my #meme for the post….#cybersecurity #infosec #auspol #Australia pic.twitter.com/YTuzu99bK0
— CyberKnow (@Cyberknow20) November 7, 2022
Medibank share prices have decreased by 21 percent from AU$3.51 to AU$2.78 in the last three weeks, after the extent of the data breach was revealed.
Medibank called the threats to release the data a “distressing development”.
David Koczkar, CEO of Medibank, apologized to those affected by the breach, saying: “We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community.”
When the threat became known to the company, Medibank contacted all customers to warn them of the possibility of scams and direct phishing attacks. The company also urged all those who were victims of cybercrime or had been contacted by someone claiming to have their data to report it to the Australian Cyber Security Centre.
Medibank continues to work with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police to investigate the cyber attack and prevent the share and selling of its customer’s data.