Extortion site used in Medibank attack goes offline after Australian gov pledges ‘offensive’ actions

The leak site used by the cyber extortionists who attacked the Australian health insurance company Medibank went offline Tuesday, after cybersecurity officials said they would be taking steps to punish ransomware actors.

Last week the Australian government announced a new permanent joint standing operation between the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) that they said would be “offensively attacking” groups behind ransomware incidents.

The AFP Commissioner Reece Kershaw stated that his officers had identified the perpetrators of the Medibank hack, describing them as “a group of loosely affiliated cybercriminals” who are in Russia. 

Kershaw said that the AFP would be “holding talks with Russian law enforcement about these individuals” although the Russian constitution prohibits the government from extraditing its own citizens.

Outages are not unusual for websites run by ransomware groups, and Australian officials did not immediately respond to a request for comment about whether the outage was related to government actions.

Earlier this month Medibank stated it would not be making a ransom payment after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad.

All of the data which the criminals accessed “could have been taken,” the company said. This includes sensitive health care claims data for around 480,000 individuals, including information about drug addiction treatments and abortions.

Several dumps of the stolen data had been posted to the site in recent days, including claims data relating to the above sensitive medical treatments.

Medibank has said that it is analyzing “the data released on the dark web and will contact those affected customers as soon as we’re able to.”

“We recognise the distress this may cause you and we apologize,” the company said.

The AFP will be “actively monitoring the clear, dark and deep web for the sale and distribution of Medibank data,” the company added, encouraging individual victims to report to the authorities any attempts to directly extort them.

“Blackmail is an offense and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment. Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank data.”