Know Everything About REvil – The Russia-Backed Hacker Group Suspected Behind The Medibank Data Breach?
After Medibank, a private health insurer, declined to pay a ransom, a ransomware group started posting customer data stolen from Medibank on the dark web.
On a blog run by the group, which claimed responsibility for the attack, hundreds of names, addresses, birth dates, and Medicare information started to appear under “good” and “naughty” lists on Wednesday.
The group was releasing the information in stages due to its complexity, according to a post published alongside the lists.
On Wednesday, Medibank acknowledged that some of its customers’ personal information had been “leaked” and issued a warning that the hackers would keep disclosing the data they had stolen through the hack on the dark web.
But Precisely, Who Is REvil — The Group Thought To Be Responsible For The Breach?
The ransomware criminal organization REvil, which had its base in Russia, threatened to publish the information it had stolen from businesses on its website Happy Blog unless it received a ransom.
According to Mohiuddin Ahmed, senior lecturer in cyber security at Edith Cowan University in Western Australia, REvil is one of the top five most infamous cybercriminal gangs worldwide.
The group ransacked an Apple contractor last year and demanded a $50 million ransom. Russian authorities declared in January that REvil had been “dismantled” and that “several of its members had been arrested”.
But Ahmed clarified that this does not imply that other group members are not still actively involved.
“There may be group members out there who are not in custody or who were still operating, using a different identity or receiving support from other group members,” he believed.
Why Is REvil Suspected Responsible For The Medibank Hack?
According to Ahmed, the attack on Medibank involved two data leaks. The Medibank employee credential was first sold to another group by a hacker or group of hackers, he claimed.
Then, that group, which we believe to be REvil, is responsible for carrying out this malicious activity on Medibank’s network and posting the data samples on the dark web.
There is one crucial indication that someone connected to REvil is responsible for the Medibank breach, according to Troy Hunt, founder of the website ‘Have I Been Pwned’, which enables users to check whether their email address or phone number has been compromised in a data breach.
According to Hunt, “REvil’s dark web website started redirecting to the one that is now posting the Medibank data at some point.”
Different people frequently join and leave these groups; they each have their own conflicts, problems, and opportunities for employment and advancement.
Should We Be Concerned When REvil Is Mentioned?
If REvil is back, Ahmed says, people should be “really concerned” given the gang’s history, but he advised holding off on making any snap judgments until any official investigations were finished.
The Australian Federal Police (AFP) has launched ‘Operation Pallidus’ to look into the hack.
It has also added the Medibank leak to ‘Operation Guardian’, a joint effort with state and territory police established to look into the Optus data breach in September.
On Wednesday, Justine Gough, assistant commissioner of the AFP’s Cyber Command, stated that the organization would be “actively monitoring the clear, dark, and deep web for the sale and distribution of Medibank Private and Optus data.”
Law enforcement agencies around the world are aware that this is a type of crime that knows no national borders and necessitates the sharing of information and resources, she added.
The Australian Signals Directorate and other federal government organizations are still offering technical assistance and advice to Medibank.
The hack, according to cyber security minister Clare O’Neil, was the “lowest of low.”
“I cannot express the disgust I have for the scumbags who are at the centre of this criminal act,” she told parliament on Wednesday.
People have a right to keep their health information private, and even ransomware attackers believe it is unacceptable to release another person’s personal medical information.
Hunt stated that he is more concerned that so much data has been leaked than he is about who was responsible for the hack.
“It’s not too bad,” he said, “compared to what it could have been.
It’s bigger than I first thought when I saw a few archive files that added up to a few hundred megabytes; however, they extract data that is significantly larger than that, and there do appear to be quite a few people in there.”