cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Medibank hackers give up, declare ‘case closed’ with final data dump

It seems the Medibank hackers have given up after a large file containing what is assumed to be the entire collection of customer records was posted on the dark web.

user icon Daniel Croft
Thu, 01 Dec 2022
Medibank hackers give up, declare ‘case closed’ with final data dump
expand image

The folder was posted on Thursday morning, containing a file made up of several compressed files that totalled over 5GB.

The files have not yet been verified, but the size suggests that they contain the rest of the stolen data. The hackers had previously informed Medibank that they had stolen 200GB worth of data, compressed down to 5GB.

In the post, the hackers called “case closed”, alluding that they had given up on being paid the $15.6 million ransom that they had requested from Medibank. The health insurer has taken a stance of not paying hackers a ransom, a move that has been supported by the Australian government.


“Happy Cyber Security Day!!! Added folder full. Case closed,” the post said.

The hackers, who are believed to be Russian-based and connected to the REvil ransomware group, had previously released data five times, with this last data dump being the sixth.

The stolen data contained the information of 9.7 million current and former customers, 5.1 million from Medibank, 2.8 million from budget brand ahm, and 1.8 million international customers.

The post comes not long after the blog where the hackers were posting the Medibank records was taken down. At the time, it was not known if it indicated the end of the hackers’ efforts.

“Leak sites drop offline all the time, but usually come back online within a few days. Usually, but not always. Occasionally, they drop offline and remain offline,” said Emsisoft threat analyst Brett Callow.

“That happened to REvil’s initial site after the operation was seemingly disrupted by law enforcement. The bottom line is that we can’t read too much into this. It could be something or it could be nothing.”

The Australian government has been making efforts to track down the hackers of Medibank and Optus, with the AFP announcing that it is looking to work with Russian authorities through Interpol.

Legislation was also passed that increased the fee for “repeated or serious” data breaches from $2.2 million to $50 million.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.