Medibank hackers give up, declare ‘case closed’ with final data dump

It seems the Medibank hackers have given up after a large file containing what is assumed to be the entire collection of customer records was posted on the dark web.

The folder was posted on Thursday morning, containing a file made up of several compressed files that totalled over 5GB.

The files have not yet been verified, but the size suggests that they contain the rest of the stolen data. The hackers had previously informed Medibank that they had stolen 200GB worth of data, compressed down to 5GB.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

In the post, the hackers called “case closed”, alluding that they had given up on being paid the $15.6 million ransom that they had requested from Medibank. The health insurer has taken a stance of not paying hackers a ransom, a move that has been supported by the Australian government.

“Happy Cyber Security Day!!! Added folder full. Case closed,” the post said.

The hackers, who are believed to be Russian-based and connected to the REvil ransomware group, had previously released data five times, with this last data dump being the sixth.

The stolen data contained the information of 9.7 million current and former customers, 5.1 million from Medibank, 2.8 million from budget brand ahm, and 1.8 million international customers.

VIEW ALL

The post comes not long after the blog where the hackers were posting the Medibank records was taken down. At the time, it was not known if it indicated the end of the hackers’ efforts.

“Leak sites drop offline all the time, but usually come back online within a few days. Usually, but not always. Occasionally, they drop offline and remain offline,” said Emsisoft threat analyst Brett Callow.

“That happened to REvil’s initial site after the operation was seemingly disrupted by law enforcement. The bottom line is that we can’t read too much into this. It could be something or it could be nothing.”

The Australian government has been making efforts to track down the hackers of Medibank and Optus, with the AFP announcing that it is looking to work with Russian authorities through Interpol.

Legislation was also passed that increased the fee for “repeated or serious” data breaches from $2.2 million to $50 million.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Medibank hackers give up, declare ‘case closed’ with final data dump

Daniel Croft

Comments (0)

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED