Trisha Kae Andrada, Tech Times

For whatever reason, the Russian hackers' dark web blog, where they were posting customers' personal information they stole from the Medibank database, has been taken down.

According to The Guardian, it seems the website vanished somewhere between Monday and Tuesday, Nov. 21 and 22, and it has not been seen again since then. 

The blog post originally linked to the file server containing the compromised Medibank documents is still accessible online.

Before it Disappears

The hacker group, which authorities have tied to Russia and is thought to be connected to the REvil ransomware organization, published 1,500 records on Sunday, Nov. 20. 

These posts are related to medical claims on chronic conditions like heart disease, as well as the patient information of people with cancer, dementia, mental health conditions, and infections.

It was the seventh time data had been released after the insurance company had refused to pay the $10 million ransom.

On the blog, hundreds of customers' private information were available before Sunday, including 123 claims related to abortionmental health, and alcohol abuse. Such data includes, but is not limited to, identifiers like names, addresses, dates of birth, phone numbers, email addresses, and gender.

As a result of the website being taken down, there has been a disturbance in releasing individuals' personally identifiable information. 

However, it is not apparent what the source of the disruption was or whether the website will be brought back online.

Related Article: The Australian Government Plans to Restrict Paying Cyber Ransoms Following the Medibank Hack

Expert's Observation

In The Guardian's report, Emsisoft's threat researcher Brett Callow said that the site's downtime did not seem to indicate anything significant.

He said that leak sites go offline all the time but that they often reappear online within a few days. Not always, but usually. 

In some instances, they periodically go offline and somehow stay that way.

"That happened to REvil's initial site after the operation was seemingly disrupted by law enforcement. The bottom line is that we can't read too much into this. It could be something or it could be nothing," Callow explained.

The Australian Federal Police (AFP) refused to comment, saying that the investigation into the breach was still proceeding.

Previous Reports

The AFP commissioner, Reece Kershaw, said last week that the agency would be approaching Russian authorities through Interpol for help since it believed the hackers originated in Russia. 

The Russian embassy in Canberra issued a criticism in response to the news, accusing the AFP of a "politicized approach" for making the announcement without first contacting Russian officials.

Previous warnings from Medibank had cautioned consumers that the hackers' data postings would likely continue.

The AFP is conducting Operation Guardian alongside its criminal probe in an effort to safeguard Medibank clients whose information was leaked into the dark web.

It has said that it would investigate any secondary data sets and any efforts to sell the data or blackmail Medibank clients affected by the hack.

See Also: Optus Data Breach: Sydney Teenager Pleads Guilty to Blackmailing Nearly 100 Individuals

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: dark web blog Data Breach Medibank Australia
Join the Discussion