Key Points
- It comes after a ransomware group posted more stolen Medibank customer data to the dark web.
- Medibank's CEO says he expects the "disgraceful" release of customer data to continue each day.
- The AFP says Russian cybercriminals are responsible for the hack.
Russian cybercriminals are behind the Medibank customer data hack, according to the Australian Federal Police (AFP).
AFP Commissioner Reece Kershaw said on Friday while the identities of those responsible were known, he would not be naming them.
“What I will say is that we'll be holding talks with Russian law enforcement about these individuals,” he said.
Mr Kershaw said the International Criminal Police Organization (Interpol) was now involved and the AFP will "be holding talks with Russian law enforcement about these individuals”.
“Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world,” he said.
“We know who you are,” Mr Kershaw said.
"The AFP and our partners are not going to give up bringing those responsible to justice.”
Ransom payments discouraged
He discouraged the payment of any ransom, saying such payments only "fuelled the cybercrime business model and put further Australians at risk”.
Police are also scouring the internet and the dark web to identify people who are searching for and trying to profit from the personal information obtained in the leak.
Prime Minister Anthony Albanese had earlier warned those responsible would be held to account.
Warning 'cyber guns'
The hackers had thumbed their noses at the government after being warned the toughest "cyber guns" in Australia were coming after them, releasing more sensitive details of customers' medical records on the dark web overnight.
"I am disgusted by the perpetrators of this criminal act and I've certainly authorised the AFP commissioner later today to disclose where these attacks are coming from," Mr Albanese had told reporters.
"We know where they're coming from, we know who is responsible and we say they should be held to account."
The ransomware group added a file named "Boozy.csv" to the dark web, which appears to contain information related to alcohol issues after a data dump on Thursday named "abortions.csv".
The ransomware group allegedly behind the Medibank hack claim they have released more sensitive details of customers' medical records on the dark web.
"But we warned you. we always keep our word, if we wouldn't receive a ransom - we should post this data, because nobody will believe us in the future."
The group claimed on Thursday it had demanded a ransom of US$1 for each of Medibank's 9.7 million affected customers, for a total of US$9.7 million (almost $15 million).
Medibank CEO David Koczkar said he expected the "disgraceful" release of customer data to continue each day.
"It's obvious the criminal is enjoying the notoriety," he said.
"The relentless nature of this tactic being used by the criminal is designed to cause distress and harm. These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."
Cyber Security Minister Clare O'Neil said she felt the pain of those affected by the two most recent file drops.
"If there was a damn thing that I could do to put a stop to this, I would do it," she told Nine's Today Show on Friday.
"There is an enormous amount of work that has gone into trying to stop harm from resulting from this, trying to wrap our arms around the victims of this horrible crime."
It's believed the hackers are using medical reference codes to sift through the data they stole to generate files on specific health issues.
The AFP and the Australian Signals Directorate were the "cyber guns" of the federal government and were working hard to disrupt the hackers, Ms O'Neil said.
'In slumber about cybersecurity threats'
The minister also stressed that Australian businesses must awaken to the urgency of the threat posed by hackers.
"We have been in a slumber about cybersecurity threats that face us," she said.
"We need to wake up from that slumber."
The first wave of files dropped on Wednesday included names, birth dates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers, and passport numbers for international student clients.
Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.
No credit card or banking details were accessed.
Medibank is providing mental health support and other support services that can be accessed by affected customers via its website.
Readers seeking support with mental health can contact Beyond Blue on 1300 22 4636. More information is available at . supports people from culturally and linguistically diverse backgrounds.
With AAP