Cyber extortionist sends medical information to show details of abortions and treatments for addiction, HIV.
A cyber extortionist has demanded nearly $10 million to stop leaking medical records of Australians caught in one of the country’s worst cyberattacks.
In a message posted on the dark web early Thursday morning, the hacker said it was demanding $1 for each of the 9.7 million customers affected by last month’s massive data breach from Medibank, Australia’s largest private health insurer.
The cybercriminal, or criminal organization, also posted information linking customers to abortions after releasing a “naughty list” that appeared earlier this week. clients receiving treatment for addiction, mental health issues and HIV.
Local media have linked the dark web forum used to post hacked data to the REvil crime group, which Russian authorities said they shut down earlier this year at the request of the United States.
On Thursday, Medibank CEO David Koczkar reiterated his apology to customers, condemning the hacker’s actions as a “disgrace”.
“We are committed to fully and transparently communicating with customers, and we will contact customers whose data has been published on the dark web,” Kochkar said.
“Weaponizing people’s personal information in order to demand payment is harmful and an attack on the most vulnerable members of our society.”
Medibank refused to pay the ransom, citing advice from cybercrime experts that it would not secure the return of customer data and could “put more people at risk by making Australia a bigger target”.
The Australian Federal Police, which is investigating the cyber attack, has warned that downloading or simply accessing the data can lead to criminal charges.
Home Secretary Clare O’Neil described the hackers as “vicious criminals”.
“I cannot express my disdain for the scoundrels at the center of this criminal act,” O’Neill told parliament on Wednesday.
The cyber attack, which first came to light last month, is the latest in a series of major data breaches to rock Australia.
Optus, Australia’s second-largest telecommunications provider, announced in September that up to 10 million customers’ data had been compromised as a result of a cyber attack against the company.
