Medibank hackers give health giant a 24-hour ultimatum: pay or see your 9.7 million customers’ private information released
International cyber hackers have threatened to disclose the personal data of millions of Australians unless Medibank pays within 24 hours.
A bizarre cartoon meme was posted early Tuesday morning on a dark web forum by alleged hackers, a day after the health insurer said it would not pay a ransom.
The message quoted Confucius as saying, “A man who has made a mistake and does not correct it commits another mistake.”
Added the message below the quote: ‘Data will be published in 24 hours. PS I recommend selling Medibank shares.’
Hackers have since updated the threat with a YouTube link to a satirical ABC article by comedian Mark Humphries about Medibank.
Authorities have confirmed that they believe the threat is legitimate.
The hackers responsible are believed to be part of a Russian criminal group.
Alleged hackers posted a bizarre meme (pictured) in which they threatened to release the personal data of millions of Australia within 24 hours unless Medibank pays
“Whoever these hackers are, they are very aware of the magnitude of the incident here in Australia,” tech expert Trevor Long told 2GB’s Ben Fordham on Tuesday.
‘We believe they are a Russian group based on the forum they use and they just sit here and go’ if you are not going to pay us Medibank, we are going to make Australians believe that we are releasing the data and possibly it online and each of that scare 9.7 million people.’
Mr. Long agreed that Medibank should not pay the ransom.
“If we pay ransom, it will get worse, so it’s important that Medibank doesn’t pay ransom,” he said.
The latest threat comes a day after the health insurer refused to pay ransom to cybercriminals who stole the private data of 9.7 million current and former customers last month.
The health insurer on Monday revealed details of nearly 10 million customers consulted in the major data breach, including information such as names, date of birth, phone number and email addresses.
The company decided not to pay ransom to the criminals responsible after taking advice from cybersecurity experts.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance that paying a ransom will result in our customers’ data being returned and not being published” , CEO David Koczkar said Monday.