REvil Ransomware Gang Has Started Leaking Data, Medibank Warns Customers

Medibank alerts its customers that the ransomware group behind last month's attack has begun leaking its systems' data.

The REvil cybercrime gang, which was responsible for the attack, has leaked customers' private and health data, along with negotiation chats with the health insurer, Bleeping Computer reports.

Medibank Informs Client Of The 'Distressing' Threat

Australian health insurer Medibank informs its clients that the hackers are releasing data within 24 hours, which will affect 10 million people.

The distressing threat was made the day after Medibank refused to pay any ransom demand, forcing the company to ask customers to remain vigilant.

It also notified customers that the REvil cybercrime group has published files on its dark web leak website, and that it expects the hackers to use them to extort customers.

According to the company, the data breach compromised names, addresses, birthdays, phone numbers, email addresses, Medicare numbers, passport numbers, and health claims.

They add that these data appear to be a sample of data that were determined earlier to be in the crime group's possession, Bleeping Computer writes.

Still, the health insurer assures clients that no evidence proves that the REvil cybercrime group also got a hold of customers' financial information, including credit card and banking details.

According to Barron's, it was on Tuesday that a poster on a hacking blog claimed that information from the Medibank breach would be published in the next 24 hours.

With this, the company says that they are continuously working with the Australian government and the police to prevent the data breach from worsening.

"We will continue to work around the clock to inform customers of what data we believe has been stolen ... and provide advice on what customers should do," the insurer says.

Medibank Tells The Breach Victims What They Should Do

TechCrunch details that the Russian group REvil has selectively separated the first sample of breach victims into a "naughty" and "good" list.

The "naughty" list appears to have numerical diagnosis codes linked to clients with a history of drug addiction, alcohol abuse, and HIV.

This leak is also believed to include many high-profile Australians, including senior lawmakers such as Prime Minister Anthony Albanese and Cybersecurity Minister Clare O'Neil.

According to the screenshots of WhatsApp messages that the group published, they also plan to leak keys to credit cards.

The REvil cybercrime group has relied on a variant of file-encrypting malware to acquire 10 million customers' data and leak around 200 of them initially.

With this, TechCrunch writes that Medibank advises customers on what they should do following the breach to prevent it from happening again or becoming worse.

The health insurer tells customers to be alert for any phishing attempts in the form of phone SMS, posts, emails, or any communication with suspicious senders.

Furthermore, Medibank urges customers to regularly change their passwords to strong ones and to activate multi-factor authentication for any online accounts they might have.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
