Hackers demanded $10 million on Thursday to stop exposing highly sensitive records taken from a major Australian healthcare company, as they uploaded yet more private customer data.
This Monday, Medibank, Australia's largest private health insurer, disclosed that hackers had gained access to the personal information of 9.7 million current and former customers, including Prime Minister Anthony Albanese.
The attacker claimed in the early hours of Thursday on a dark web blog linked to the REvil Russian ransomware group claiming they initially demanded $10 million from Medibank before lowering the price.
"We can make discount 9.7m 1$=1 customer," they said. "Medibanks [sic] CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that he refuses to pay for yours [sic] data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."
The group has shared a file with the label "abortions" in the second leak this week. The first dump, which was only a few hundred megabytes in size, contained hundreds of names, addresses, birthdates, Medicare numbers, and hospital addresses that were marked as being on the "good list" and "naughty list."
The Medibank breach is likely to have exposed information on some of the most powerful and richest people in the nation.
David Koczkar, chief executive officer of Medibank, referred to the extortion methods as "disgraceful."
"The weaponization of people's private information in an effort to extort payment is malicious and it is an attack on the most vulnerable members of our community," he said.
The organization behind the hack appears to be putting pressure on Medibank by searching the records for the most potentially harmful personal information.
Medibank has asked the journalists and others not to obtain the material from the dark web and to avoid direct interaction with consumers.
The Australian Federal Police has also advised that downloading the information may be illegal.
"We use the powers and authorities of all of our agencies to disrupt the sale and distribution of the unlawfully obtained data,'' AFP assistant commissioner cyber command, Justine Gough, said on Wednesday.
On Wednesday, the AFP declared that it will expand Operation Guardian, which was created to safeguard the 10,000 Optus customers whose personal information was exposed earlier this year, to those affected Medibank clients.
The home affairs minister, Clare O'Neil, called the hackers "scumbags" in a statement to parliament on Wednesday, although she added that the government had been ready for the possibility of the data being made public.
Home Affairs and the Health Department have established a "national coordination mechanism" that entails safeguarding government information, cooperating with state police, assisting those affected, and offering mental health support and counseling.
