Stolen Medibank data threatened to be released by the attackers

November 9, 2022
Stolen Data Medibank Client Information Cybercrime REvil Ransomware Australia

A ransomware gang calling itself REvil has claimed responsibility for the attack against the Australian health insurance company Medibank and for the data allegedly stolen from it. According to researchers, the attackers are a relaunch of the REvil ransomware group, which has shown signs of affiliation with the BlogXX gang.

Medibank is one of the top Australian private health insurers, catering to nearly 4 million people and employing over 4,000 staff.

The incident has not yet been formally attributed to a specific ransomware group. However, the company has confirmed that the breach its team observed on its network is consistent with ransomware activity.


The ransomware actors threatened to leak all stolen Medibank data.


According to a post on the attackers' leak website, the group threatened to publish the stolen Medibank data on that same site within 24 hours.

The adversaries have yet to reveal how much information they obtained from Medibank's network and have not shared any evidence to support their claims. Medibank, for its part, announced that it is refusing to meet the attackers' demands, since no evidence of the stolen data has been presented to it.

The REvil ransomware group has made its presence felt again, with recent activity pointing towards its affiliates. The original group was shut down by law enforcement last year after authorities hijacked its Tor servers.

However, in April this year, its original Tor websites began redirecting visitors to new sites dubbed BlogXX. Experts concluded that this new entity came from the REvil operation after the threat actors referred to themselves as Sodinokibi.

Sodinokibi was previously used as a codename for the REvil ransomware operation.

Security researchers have also confirmed that the new operation's encryptor was built from the REvil actor's source code, which further strengthens the speculation of REvil's re-emergence.

Experts attribute this return to developers and former members of the REvil ransomware group. However, some researchers believe that REvil is permanently gone and that the operators will concentrate on building BlogXX.
