‘We all know who you’re’ • TechCrunch

The Australian Federal Police claims to have recognized the cybercriminals behind the Medibank ransomware assault, which compromised the private knowledge of 9.7 million prospects.

AFP Commissioner Reece Kershaw mentioned on Friday that the company is aware of the identification of the people chargeable for the assault on Australia’s largest personal well being insurer. He declined to call the people however mentioned the AFP believes that these chargeable for the breach are in Russia, although some associates could also be in different nations.

In a tweet, Australian Prime Minister Anthony Albanese, whose personal Medibank knowledge was stolen, mentioned the AFP is aware of the place the hackers are and are working to carry them to justice.

Kershaw mentioned that police intelligence factors to a “group of loosely affiliated cyber criminals” who’re possible chargeable for earlier important knowledge breaches around the globe, however didn’t identify victims.

“These cyber criminals are working like a enterprise with associates and associates who’re supporting the enterprise,” he added, pointing to ransomware as a service operation resembling LockBit. On Thursday, a twin Russian-Canadian nationwide linked to the LockBit operation was arrested in Canada.

The hackers behind the Medibank breach have beforehand been linked to the high-profile Russian cybercrime gang REvil, also referred to as Sodinokibi. REvil’s once-defunct darkish net leak website now redirects visitors to a brand new website that hosts the stolen Medibank knowledge, and the hackers behind the breach have additionally been noticed utilizing a variant of REvil’s file-encrypting malware.

The Russian Embassy in Canberra was fast to rebuff allegations that the Medibank hackers are based mostly in Russia. “For some motive, this announcement was made earlier than the AFP even contacted the Russian aspect by means of the present skilled channels of communication,” the embassy mentioned in a press release on Friday. “We encourage the AFP to duly get in contact with the respective Russian regulation enforcement businesses.”

Russia’s federal safety companies FSB (previously the KGB) mentioned in January that REvil “ceased to exist” after a number of arrests have been made on the request of the U.S. authorities. In March, Ukrainian nationwide Yaroslav Vasinskyi, an alleged key member of the REvil group linked to an assault on U.S. software program vendor Kaseya, was extradited from Poland to the U.S. to face costs.

“Even after a sequence of regulation enforcement operations towards REvil, the gang and its associates nonetheless appear to maintain returning, based mostly on the evaluation of the most recent REvil ransomware pattern,” Roman Rezvukhin, head of malware evaluation and menace searching group at Group-IB, tells TechCrunch.

Kershaw mentioned on Friday that the AFP, together with worldwide companions resembling Interpol, will “be holding talks with Russian regulation enforcement about these people.”

“It is very important observe that Russia advantages from the intelligence-sharing and knowledge shared by means of Interpol, and with that comes tasks and accountability,” Kershaw mentioned. “To the criminals: We all know who you’re, and furthermore, the AFP has some important runs on the scoreboard in terms of bringing abroad offenders again to Australia to face the justice system.”

Whereas the AFP has efficiently extradited individuals from Poland, Serbia, and the United Arab Emirates lately to face felony costs in Australia, extraditing Russian hackers is prone to be difficult. In 2018, Russian President Vladimir Putin declared that “Russia doesn’t extradite its residents to anybody.”

Regardless of motion by the AFP, the Medibank breach continues to worsen following its determination to refuse to pay the cybercriminals’ ransom demand. On Thursday, the attackers’ darkish net weblog posted extra stolen knowledge, together with delicate information associated to abortions and alcohol-related diseases. The cybercriminals claimed that they initially sought $10 million in ransom from Medibank earlier than decreasing the sum to $9.7 million, or $1 per affected buyer, the weblog mentioned.

“Sadly, we anticipate the felony to proceed to launch stolen buyer knowledge every day,” Medibank CEO David Koczkar mentioned on Friday. “These are actual individuals behind this knowledge and the misuse of their knowledge is deplorable and will discourage them from in search of medical care.”