Cybercriminals with ties to Russia are behind a ransomware attack on one of Australia’s largest private health insurers that saw sensitive personal data published on the dark web, the Australian Federal Police (AFP) said on Friday.

In a brief news conference, AFP Commissioner Reece Kershaw told reporters that investigators know the identity of the individuals responsible for the attack on health insurer Medibank, but declined to name them.

“The AFP is taking covert action and working day and night with our national agencies and international networks, including Interpol. This is important because we believe that those responsible for the violation are in Russia,” he said.

Medibank says the stolen data belongs to 9.7 million current and former customers, more than a third of the Australian population, including some 20,000 international customers.

This week, the group began posting selected snippets of client data on the dark web, in files with titles including good list, bad list, abortions, and drunks, which included those seeking help for alcohol dependence.

Earlier Friday, Australian Prime Minister Anthony Albanese said he was “disgusted” by the attacks and, without naming Russia, said the government of the country they came from should be held accountable.

“The nation from which these attacks are coming must also be held accountable for the disgusting attacks and the disclosure of information, including very private and personal information,” Albanese said.

Medibank first detected unusual activity on its network almost a month ago. On October 20, the company released a statement claiming that a “criminal” had stolen information from its ahm international student and health insurance systems, including names, addresses, phone numbers, and some claims data for procedures. and diagnostics.

A ransom demand was made, but the company said that after extensive consultation with cybercrime experts it had decided not to pay.

“We believe there is only a limited chance that paying a ransom will ensure the return of our customer data and prevent it from being published,” Medibank said in a statement on Monday.

In a statement on Friday, Medibank CEO David Koczkar said it was clear the criminal gang behind the breach was “enjoying the notoriety” and would likely release more information each day.

“The relentless nature of this tactic used by the criminal is designed to cause distress and harm,” he said. “These are real people behind this data and the misuse of their data is deplorable and may deter them from seeking medical care.”

Categorized in: