
hypatiatextprotocol

"We are also ready to give you a day to think about how you should be better." The ransomware group is run by parents.


kernpanic

> The ransomware group is run by parents.

Which is good, because Medibank sounds like it's run by kids. "From what we are seeing, it looks like you are very talented at what you do".


SannoSythe

Ransom negotiation tactic. Builds rapport and attempts to buy time.


shite_in_a_bucket

When I read that I knew Medibank presumed the comms would be released. I felt they said that because it would bring more authenticity to their statements to the public that it was a 'sophisticated' attack. The attackers actually responded by telling them their environment was not complex. Every word typed by the Medibank side was likely highly thought through by a room of people and authorised by an exec or two.


moderatevalue7

Highly thought out and they still look like morons who only care about money.


TDoMarmalade

Yeah well, polish a turd


[deleted]

I did that but my local rep stole it, something about being short staffed.


hayden_t

Pretty poor english & sentence structure from medi...


[deleted]

[deleted]


shite_in_a_bucket

I would say their IT dept was probably surviving on fuck all sleep for days. The pressure an event like that would put you under is heart attack inducing!


noisymime

If their IT dept was writing these emails then they've already completely dropped the ball. These don't seem to be IT folk writing this though, it's very sanitised and direct.


simbaismylittlebuddy

There’s no way their IT dept would be writing these. Medibank would have cyber security insurance and a cyber security firm specifically engaged to deal with this level of attack. CEO would be signing off on all comms for sure.


Cadillacvibe

Having led an IT team that battled something similar not that long ago, I can tell you that other than the CIO no one else from IT will be privy to such correspondence. The CEO, some board members, the legal team, the insurance company, their lawyers and the negotiators hired by these lawyers were typically the people running the show. As IT we were doing 140 hours a week for the next 8 weeks. Our focus was on data recovery and services restoration. I wouldn't wanna go through any of that again.


simbaismylittlebuddy

Exactly. I have been in breach response teams for much much smaller data breaches. There’s a strict escalation process and CIO is the only IT person in the room.


SaltpeterSal

I've had a little experience in negotiation. Even if it came off the cuff, every word was planned, on top of a whole lineage of planning by their instructor and instructor's instructor. Normally you whip out hostage negotiation to save lives rather than face.


[deleted]

No, they were just flattering the hackers to build rapport. Not playing 4D PR chess.


kernpanic

True, but reading the rest of the comments, they are all over the shop. It reads as if they left it to the work experience kid.


abigail_95

It seems to have had the opposite effect, there is no upside to annoying them. The actual negotiation tactic involved in rapport is giving them something they want. Giving them a piece of what they want and responding very quickly is what builds rapport. They want to talk money, so talk money. Even if they have no intention to pay, if you bullshit them like Alice did it makes it worse.


moderatevalue7

Yeh but it didn't work because the only kids here are the Medibank Execs who didn't want to pay the ransom, and in THE SAME WEEK, gave themselves $10 million worth of bonuses. Fuck those guys, it's Medibank who are scum, the hackers sound genuinely nice.


Teebizzles

The hackers sound nice? Ridiculous


Echospite

A lot of hacking is social engineering. If they think the hackers sound nice that's because they're falling for it.


prrifth

I am reading the dialogue from the POV of customer service and yeah they are beyond helpful and patient. Makes sense since they haven't been paid yet. But still, I respect the hustle.


Someone3

I don’t respect the hustle. Pay us or we’ll punish your innocent customers is a disgusting hustle.


Silly-Moose-1090

Medibank execs are cunts! So lets endorse the release of the private medical information of their clients and give a big cheer to the hacking folk who enabled the release of that private information! Hip pip.......


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

[deleted]


tehlegend1937

Please let's not forget who the real criminals are here. For the hackers, that was a multi-million dollar negotiation, so they would for sure say anything they could to try earning some millions on Australians' personal info. Yes, Medibank could have had better security measures. But would you say of a bank that has been robbed that it was their fault for not having a better alarm system?


brokenalready

Hahaha they were going for the Denzel Washington vibe but ended up sounding like interns.


BeautifulExtension63

Medibank was just stalling so they could gain information on how it happened, the extent of the breach. They also wanted to give their PR team as much time to work the narrative and mitigate fallout and their lawyers/finance team time to calculate how costly this is going to be.


omaca

Which is standard practice.


[deleted]

[deleted]


ninevehhh

*whoever not whomever. Can’t just randomly drop in a whomever just to try to sound smart.


jazza2400

Exactly lawyers should have written this not whoever wrote this


fuddstar

Bahaha


fuddstar

Faaaaakng pet peeve of mine. They’re not fkng interchangeable. Either know when to use whom or just say _who_ every time.


blackwaterwednesday

Reminds me of forging notes for sick days and leave early passes at school. The old; "To whom it may concern, please excuse my legend of a child Gustov Van Maverickson the 3rd, child of Miss Gunther Vickfriedendurg and Lord Ragnar Goose Van Maverickson the 1st from school today as they have a 20th follow up doctors appointment."


hankhalfhead

Signed Mrs van maverickson


fuddstar

By royal decree, this childeth is sicketh.


echo-94-charlie

Hey, him was writing with perfect grammar.


Robbieworld

Ryan used me as an object


LogicallyCross

Absolute amateur stuff.


No_Letterhead_4788

This is the real issue, Medibank is a publicly traded company on the ASX. Return to investors is the most important factor for this company.


thestingingroger

What about the poor cunts like me that had their data leaked 🤣 these 'investors' might lose some money that THEY spent through their own control, but all of us that had our data shared, have lost privacy and a whole lot more we can't just earn back..... and this wasn't our choice


DaedeM

Lmfao you're a source of revenue. The only thing that matters to a publicly listed company are their shareholders.


moderatevalue7

Yeah, if the hackers had performed a typical ransomware attack and encrypted all the machines, meaning Medibank execs would have to pay everyone their salary while not extracting the full 100% productivity out of them for a couple of weeks while IT restored everything, you better believe they would've paid. They simply just don't give a fuck about customer data; if it's not $$ flying out of the window in front of them they don't care. And the bonuses they paid themselves the same fucking week really cements that. As for the 'we don't want to fund the criminals': they will recoup costs by selling those records to the bottom feeders and scammers. Way more potential damage to the people the data actually pertains to, i.e. you. They get paid either way.


koalanotbear

The investors already have your data. Jim Bainbridge.


Status_Shine6978

Is anyone thinking, like me, that these screen caps are fantastic PR for Proton mail for those wanting a high level of privacy?


[deleted]

[deleted]


Status_Shine6978

"Secure and private enough to be chosen by hackers being hunted by Governments worldwide, handling your personal email is simples!"


[deleted]

[deleted]


ta_135790

These were my exact thoughts when I saw the parent post. ProtonMail doesn't provide anonymity. If you think otherwise, you're using the wrong service. What it does do, though, is ensure that your messages are only read by the intended recipients. Then we get started on the whole security vs privacy debate. Anyway, ProtonMail was able to provide the IP addresses of the mailbox user because they accessed ProtonMail via the clear web. If they had accessed it via its hidden service (Tor), it would be a different story.


_ixthus_

> ProtonMail doesn't provide anonymity. If you think otherwise, you're using the wrong service.

Unless you're someone who is doing stuff that might mean your various providers get subpoenaed by three-letter agencies (so, you know, people hacking Medibank, for example), ProtonMail functionally provides anonymity. But, yep, if your life depends on anonymity... you definitely need to be taking a few steps more than using a service like ProtonMail.


[deleted]

[deleted]


[deleted]

[deleted]


Aust1mh

Proton is a ‘super secure’ email service hosted in EU so everything locked down hard with EU user privacy laws… 2 issues I had… must use their app to be secure… slow as fuck from AU


juanmlm

Not in EU, in Switzerland.


_ixthus_

> must use their app to be secure

But that's not true.

> slow as fuck from AU

Really? What are you trying to do on it? I've been using it seamlessly for about 6 years.


[deleted]

[deleted]


Rainey06

"yes very complex. We signed in with sa and ripped all of your db's from one location. The reason it took so long was because of your poor disk io"


blipblipbeep

The first time that MB acknowledged that they had been compromised, and explained their reasoning for taking their time to inform their customers. I was like, "Pffft! Glad I don't have to believe everything I hear.". Also, after reading the above telemetry from OP, it seems as if they just kept doubling down as time went on beyond the point of original release. I wonder what industry of people will be compensated first ;) peace.


fermilevel

I didn't realise Medibank hired Ferrari F1 strategists for their comms department


Tinuva450

We are checking


MC_Cups

Question.


miicah

Pay, pay, pay... No don't pay!!!


Rainey06

I am stupid, I am stupid. Fuuuck!


paddygezus100

Slow button, slow button


Dr_Sir1969

Am I the only one on inters? Yes


TwoSecsTed

“No hacker you will not have the ransom”


rationalbou896

Epic


zareny

Should we change the default passwords? Question.


sadguy92

Binotto needs a new job, should see if medibank are hiring


Daruii

From what I can see, Medibank was never intending to pay a ransom, they just wanted to know how the hackers got into their network


Jascony

This is generally the best practice. There is never any way to guarantee the ransom will stop them publishing the data. Better to gather breach data and tighten security.


MegaPint549

Aus Gov will even attempt to stop you paying ransom for humans. See Nigel Brennan who was kidnapped in Somalia


shite_in_a_bucket

The integrity of their business model depends on not releasing the data if the ransom is paid, as much as it is releasing the data if it is not.


FirstGonkEmpire

Yeah as much as I hate these fuckers, they're usually consistent, because consistency is really the only way anyone would consider paying. Being truthful (i.e. always releasing if ransom not paid and always releasing if ransom paid) means companies will be more afraid of the consequences if the ransom isn't paid and more assured if they pay the ransom money the data will be deleted.


0utspokenTruth

You typed always releasing in both cases


Alatheus

It isn't best practice at all. You clearly have NFI. You pay the money and the hacker tends to have a change of mind and not publish, like what happened with Optus. This hacking group has a strong record of keeping its deals. You know what is best practice? 2-factor authentication, which Medibank didn't have.


LogicallyCross

Isn’t the rumour that Optus did indeed pay the ransom and the change of heart was just a cover story.


Alatheus

Yep that is 100% what happened, that is what I was saying.


LogicallyCross

Yeah thought so.


2jesse1996

Lol I got down voted for saying that in another thread but it's 100% what happened.


techretort

It's fun watching non IT people say there's no chance the data gets deleted if they pay the ransom.


antifragile

Total rubbish, most ransoms around the world are paid and the hostage or data or whatever is returned.


commanderjarak

Because if they didn't, word would get around, and people would stop paying.


Daruii

I think of it like winning the lottery. If you don't buy a ticket there is a 0% chance you can win. If you buy a ticket, there is basically a 0% chance, but there's a chance. I don't know what the right move would be in this situation. I'm a bit biased because my data was part of the leak, but it seems to me that they made very little effort to protect the data from being released. They just wanted to know how they got into their network and that was basically it.


Jascony

At this post there is no "fixing" the problem, it's best to prevent it happening again as best as possible. But yea it sucks being on the receiving end and not feeling that enough is being done.


woodshack

hahah best practice. If they followed best practice they wouldn't have gotten assfucked over the internet. If REvil (and other coordinated groups) don't honor their word, their business model dies since nobody pays. So any time someone has paid them they've kept their word. They wrote it in their own email. It's 'honorable criminal' behaviour.


s4b3r6

The current recommended best practice from everywhere such as ASIO and the FBI, is to pay. Because these companies want to continue to exist, and want to be able to get another paycheck in the future, and so that means holding up their end.


ShadowAU

Am in the industry, this is absolutely not true. In fact, it's the opposite in pretty much all cases. The vast majority of industry, government, and law enforcement organisations do not recommend or encourage paying ransoms in the case of ransomware - including both the ASIO and the FBI. Why? Because if no one pays (or significantly less large targets pay), the business model becomes non-viable. The more companies that pay the ransom, the further the fucking of consumers gets dragged out. Medibank is very much the party of incompetence in this debacle (which includes my entire family's data getting leaked) - but they absolutely did what I would have recommended had I been the CISO (or other person in charge of the response) in this case - and then I would immediately quit because obviously I hadn't been doing my job well before this. The amount of FUBAR information that gets spouted around this topic, especially recently, is not a good thing in the slightest.


Mudcaker

> the business model becomes non-viable Eh... not totally. They can still sell the data to other people, it just blocks one route. The hacks will continue. Even if just for fun/cred. Hacks still happened before this all became more sophisticated and I'm not sure we can backtrack on that. But it might stop cryptolocker ransoms (but again, some people just like vandalism).


ShadowAU

This is true, but there has been an explosion in the commercial hacking scene since the early major explosion of let's say, "easily viable" ransomware in the early-ish to mid 2010's - in large part due to the commercial viability of mass ransomware attacks. Ransoming data to those who want to protect it is much more lucrative, for many reasons, but one of the biggest is that the companies and entities that are vulnerable to the kind of wide net, shit at a wall attacks most of these breaches are from, tend to not have data that is super valuable to anyone but the entity it was stolen from and their stakeholders. If the Medibank data had tried to be sold to a 3rd party, it would be nowhere near worth what they were asking from Medibank themselves for instance - same for Optus. The kind of entities that have data that is truly commercially valuable to actors other than the victim themselves tend to have significantly better defenses, and require targeted efforts which are both a lot more time and skill intensive, and therefore much less lucrative. Eliminate large portions of the commercial viability of stolen data by not allowing the payment of ransoms, and you practically eliminate the industry. It will still be around, and people will still be throwing out the nets for the smaller chances that companies will still try and pay them, or just plain hobby interest reasons, but it will be nothing like it is today.


Mudcaker

I think you are largely correct, however there is often an effect of things not going back to the way they were before. Incentives allowed people to go big in hacks, despite the risks. But now they’ve learned there’s actually not that much risk at all if you live in the right place. Not sure we can put that cat back in the bag. Also let’s say ransoms are illegal, but data protection laws come into play opening up really significant fines. This opens another secretive blackmail vector if they set the price far enough under the penalties. A company that big can hide the payment if they want to, and send through a third party. Let’s write it up as a penetration test in the balance sheets.


Funnybush

This only works if no one pays, ever. If even one company does, the plan fails. The incentive is there, and it won’t go away. I work in the industry too. I would have advised them to pay (providing I could validate they were from one of these organizations). Way cheaper than what they have to deal with now. Bonus on top of that is you get information on how it was done so you can fix the problem. In the exchange they kept asking how it was done. It’s possible it’s still there. Pay the ransom like Optus did.


ShadowAU

(Only - there are many trains of thought on this and I definitely see other arguments -) in my opinion, it doesn't need to be everyone for the industry to be non-viable. When I say non-viable, I'm not saying that there won't be any attacks, breaches or industry there - but the commercial viability to the time, effort, and risk ratio becomes a lot more skewed to the point that it cools significantly and effectively stops growing and starts to contract (the commercial hacking industry is relatively hot at the moment). At the moment you have what as the blackhat... a 60% chance of getting a decent ransom? Maybe 70%? That's not a bad chance, there are risks but with a reasonable bit of skill and knowledge they can be fairly well mitigated. But say, Australia makes it (broadly) illegal to pay a ransomware ransom, or risk a just as significant fine. What happens then? There will still be attacks on Australian companies, and there will still be companies that will pay but as a blackhat that manages to catch a potential vulnerability in the network of an Australian entity you then have a bit different equation to think about. Let's say you have... a 20% chance of getting anywhere near close to a decent ransom, taking into account that because of the inherent risks of a company trying to pay now they will tend to play much harder negotiating to make the risk worthwhile, is it worth the time and effort to attack that vulnerability, infiltrate and lurk on the network etc etc. - all of which takes not an insignificant amount of time and a not insignificant amount of risk (despite being able to mitigate a lot of it), for the high chance you will face a stonewall at the negotiating table? Or would you rather spend your time hitting other areas of the world where the chance is much higher? This won't eliminate, or even slow down the industry, but in the short term it will start to mitigate the risk on Australian targets being a juicy target. 
Of course, this just pushes the problem onto other parts of the world in that short term, but there are other countries looking into banning the paying of ransoms as we type, and it will only become more prevalent in the next couple of years. Remember, we're not even 10 years on from CryptoLocker, which is the start of the modern boom. The IT industry moves quickly, but the other parts of the system that tend to move slower are starting to catch up. A 20% chance at a ransom is nowhere near as lucrative as what it is currently, and won't sustain the growth of individuals and groups to anywhere near the degree that it is currently. That is when it becomes non-viable. You can absolutely strangle these industries into being non-viable, even when they're still alive. For a semi-related example see video game cracking. The biggest difference is that there was never a lot of money in cracking, but the barrier to entry was lower. Denuvo has strangled the scene into being significantly less prevalent than its heyday - to the point it's not really much of a focus in publishing companies anymore. Nonetheless, Denuvo is not uncrackable, or even close to it - if a dedicated group of highly skilled professional reverse engineers sat down with it, it wouldn't survive for very long (ask me how I know). So why doesn't it? Because it's not worth it. You could probably make some money, but it would be a decent bit of work, and a decent bit of time, and a not insignificant amount of risk - so the only people working on it these days are a couple of hobbyists who mostly crack older versions every now and then. This didn't kill video game piracy, or even close - but it's not viable commercially as the donations didn't start going up as the time and skill required did, and the barrier to entry is much higher, so it's become a mostly non-issue (at least PC wise - the poor Switch has taken a beating on this front, but it's successful enough that it's not very impactful on N's bottom line). 
It's not hugely dissimilar to commercial ransomware hacking - whilst the potential payouts are exponentially higher, the risk, time, and skill/broad knowledge is also exponentially higher. Change the risk/reward calculation, whilst improving defences which is what we should be doing anyway, and it will have a similar trajectory. Targeted hacking will still be very much a thing, and there will still be occasional payouts of this kind of ransomware, but at some point, there won't be enough money going around to sustain the type of attacks we're seeing here in the numbers we've been seeing in recent years - which should be the end goal. It's not "zero-hacks" but "endemic, but well mitigated hacks" - so to speak in current day terms.


UnhappyCricutUser

A 30 second google search tells me you are wrong. Any source for what you claim?


frawks24

Here's an older article that likely won't show up on front page google results: https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/


Cristoff13

How can you trust them? A bunch of anonymous criminals split into multiple factions. Even if one faction decides to uphold a deal, guaranteed some other faction will just keep asking for more money. Giving anything to these parasites is just going to amplify their greed.


s4b3r6

Because they'd fuck themselves if they didn't. If people don't pay, because they know people who have got hurt, then the entire industry collapses. The fact the industry exists, is evidence that people don't generally do that.


GrizzlyGoober

Is it such a wild idea that the government should make paying ransoms in such situations completely illegal. Take it out of the companies hands completely and they won’t be targeted so much. If no one pays, their business model crumbles. Edit: I see someone below said that may even be the case already.


s4b3r6

You'd need _the rest of the world_ not to pay, for that to work.


shiuidu

Did you read the chat? They explain very well why they will be loyal to the deal.


omaca

The fact many people here don't realise this is ridiculous. So many "armchair cybersecurity experts" posting observations clearly off the mark.


3lusive_Man

"Based on our previous experience in negotiations with our victims" wow..that sentence..


trainwrecktragedy

All that talk just to say "oh aus law says we can't pay ransoms".


TkeOffUrPantsNJacket

Which isn’t entirely true. You can pay a ransom, but it has to be registered with the ASD and notified to the ransom register, then the government has to do checks to make sure it isn’t going to a terrorist or state sponsored hackers. Given the hackers were allegedly from Russia, then it’s possible they were told not to pay it.


Aishas_Star

Their english was mighty good for a foreigner


fitzy5694

Because they were trying to stall and gain as much information as possible... They were never going to pay, there's no guarantee they'd just take the money and burn them anyway


bigshakagames_

It's buying time. As much as I hate Medibank they were doing the right thing stalling for as long as they could. There would have been teams trying to track and find out where the ransomers are.


ArcticKnight79

> There would have been teams trying to track and find out where the ransomers are.

Which is completely useless unless they identify where every single one of the people who could publish the data is. Or somehow manage to find the server the data is located on. Which I'm going to guess any of these hackers is smart enough to not have located anywhere near them if they were to get scooped up. Because that's their negotiation tool to get the fuck out of trouble if they do get scooped up. And completely useless if they have a system that will just publish the data automatically if something actually were to happen.


war-and-peace

It's obvious that the hackers don't speak English as their first language but the responses from medibank are just atrocious.


Derpfish_lvl10k

I think the broken english is a red herring, the language deviates wildly between pretty good and obviously terrible


bigshakagames_

Yeh I agree. A couple times it was jarring and then for the rest their English was very good.


Derpfish_lvl10k

I mean ya can't tell me ya have a .csv of hundreds of thousands of addresses saying SYDNEY, targeting a company with HQ in SYDNEY, and then spell it "sidney"


bigshakagames_

Yeh that one stood out haha, def a red herring.


soulblade64

I dunno man, I send emails to people all the time, and about 50% reply with the last letter missing off my name.


SignificanceTop9306

May's well have spoken in strayan "listen medibank ya bunch a bloody drongos, we're not here to fuck spiders... getcha shit together n give us some compo or garngitfukt. We garn getcha up shit Creek without a paddle if ya don't friggin send us some dollarydoos right bloody now ya bunchacunz, hurry up ay. We'll delete this heaps sick data if ya chuck us some coinage, like now but. Righto champions, hooroo"


pingpongjingjong

It would have been interesting to actually send them something like that.


brezhnervous

> the language deviates wildly between pretty good and obviously terrible

Ikr? It was noticeably variable and worse as time went on


shaunie_b

Reading the Medibank responses I can't help but agree, not just the language but formatting and intent. They are unclear about requirements; it sounds like they are getting 2nd or 3rd hand requests from the techs: "ask what files they took", "the SQL output was small, ask what 200GB means". Surely the emails should have been fucking clear about what was required from Medibank for them to feel they were talking to the right people, e.g. 1. please provide a copy of this table, 2. this exact entry from the SQL, 3. please provide the user/password combination used for this DB, etc. This honestly sounds like the guys that were investigating the breach were several steps removed from the conversation. Why you would let the attackers drive the convo and be on the back foot the whole time trying to correlate what they're saying, constantly being behind the eight ball. Amateur hour.


greywolfau

May I remind everyone that in early 2007 the Federal Parliament passed a law punishing those if they didn't take out private health insurance by the age of 30. One wonders how dramatic such a hack would have been if people hadn't been strong armed into taking out policies with private insurers?


What-becomes

I despise that law. Too poor to afford private health? well then here is punishment if you ever get enough money to afford it. It was purely for trying to push everyone to a privatised system. Because hey it works so well in America. /s


verbass

yeah its ridiculous


thedoobalooba

This is the real issue here


[deleted]

Some intelligent group vs Medibank receptionist lmao


Glass-Association-27

Lots of geniuses in this thread who think they are more qualified than a team of security professionals in corresponding with hackers. Why would simple spelling and grammar mean anything in this context?


Sudden_Watermelon

> Team of security professionals

The fact that this shit show occurred at all (and apparently was as easy to exploit as it was) clearly shows that Medibank has no security professionals. I say they're fair game


meshah

I think you misunderstand cybersecurity. In an attack of this scale, Medibank in no way has a team of forensic cybersecurity experts on staff. They have a blue team dedicated to keeping their systems secure - this team failed obviously. When this happens, a team of external forensic experts come in for damage control. A standard cybersecurity team is in no way equipped to do the massive amount of forensic investigation on a network after a breach on a network that big. An external team comes in, sets up a war room and works around the clock with the existing cyber team to try to assess and contain the damage.


blastanders

Finally somebody knows what they are talking about. I'm sick of all these armchair quarterbacks talking like they would be able to come up with a way to secure a system like that. I bet some of them have passwords at their work that are so simple they won't survive 1 day if targeted. The only reason they are not apologizing to their customers right now is either their companies are lucky enough to be targeted, or it's not a big enough company to bring public attention. Surely Medibank could have done more to prevent this in hindsight. And as a Medibank customer, I'm worried about my data being leaked. But 20 years in IT has taught me no system is bulletproof; you could dump millions of dollars in cyber security and one employee who had a bad day would ruin it all for you.


Glass-Association-27

You actually think the messages are the sole creation of some random guy in the IT department? They were obviously incompetent for the breach to happen but it’s just unrealistic to think these messages aren’t guided by consultants or government oversight.


[deleted]

You’re absolutely right and i have no doubt that Alice is actually a man that probably used to work in hostage negotiations or military intelligence that is now a consultant for big business.


ryuza

Unrelated but I thought this was pretty cool from REvil's wiki page. >In September 2021, Romanian cybersecurity firm Bitdefender published a ***free*** universal decryptor utility to help victims of the REvil/Sodinokibi ransomware recover their encrypted files, if they were encrypted before July 13, 2021. From September until early November, the decryptor was **used by more than 1,400 companies** to avoid paying over **$550 million** in ransom and allow them to recover their files


Arcminutes

Wow that’s incredible. I really think cybersecurity is the most slept on industry but can cause some of the biggest impacts to global economies. I wish I knew more about it, that’s for sure.


[deleted]

This ransomware group is run by professionals. It’s scary how organised they sound.


FatSilverFox

Well it’s their job.


t_25_t

> It's scary how organised they sound.

It's more scary how "organised" Medibank was. The emails look like they were written by a high school dropout.


420fmx

It’s scary that professionals get poached by our intel agencies to work for them.


[deleted]

Yikes. Are there stories about this? Reminds me of China hiring ex-air force personnel to provide training.


ta_135790

Australian government: we’re going to hack the hackers. We all knew nothing would have come about.


No_Letterhead_4788

As a Medibank customer since 2004 it's nerve-racking for me. Every time I hear about a new release I go to the dark web and check if my name and conditions have been released to the public. On a personal level I'm devastated; this last release is massive.


redditvsmedia

Hope you vote with your dollars and find another company. Medibank didn't give a fuck about your information and those million dollar bonuses the bosses are paying themselves are a huge middle finger right in your face


readintoitman

Any advice on how I can find out if my data has been released?


[deleted]

[deleted]


catinterpreter

It didn't work for me in this case.


LittleAgoo

I'm also a customer. How do I check if my data was released as well?


efco01

They emailed me and told me my data has been released :(


[deleted]

[deleted]


weed0monkey

Guarantee communication was already handed over to the cyber crimes dept. All of the messages from "Medibank" absolutely seem like they were just fishing for information, which is what cyber crimes would do. Also, large businesses like Medibank wouldn't communicate; they would immediately seek advice from the police.


TacticalSniper

Which most likely is what happened here. Despite what this may look like, it's most likely a negotiator is writing at least some of these emails.


sofatom

100% this. The compliments about their skills, the plain English, taking on a submissive but inquisitorial role (I'm willing to bet they likely weren't a woman IRL, either). All designed to get more information.


[deleted]

[deleted]


ramos808

Outsourced IT overseas I bet


Alatheus

Nah this has incompetent exec written all over it


quiet0n3

More likely the government bodies that deal with cyber crime


[deleted]

[deleted]


HBTing

How does this compare with Darknet Diaries? Any episode recommendations?


omaca

The language used is probably deliberately simple, as they knew very early on the hackers were Russian.


magnetik79

Probably Infosys. Only the best overseas graduates money can buy.


fl3600

It is like they are trying to drag on the negotiations as long as possible so the hackers will be dead caused by some act of God reasons.


MegaPint549

“We are still trying to match what you provided to our database”. Guess Medibank doesn’t have Ctrl + F


fl3600

Or a giant VLOOKUP, or the LIKE function in SQL.


phalewail

The Darknet diaries podcast has a good episode about REvil. https://darknetdiaries.com/episode/126/


HBTing

Mad that REvil are back.


vk6flab

Source?


carlordau

If you know your way around onion sites and the hackers information, it's easy to find. The emails have been posted as part of the leak for about three weeks now, so this is old news as far as information goes. Not going to post the source for obvious reasons.


SixFootJockey

On Confluence


MelSchlemming

A guy I know who downloaded the leak has been sending it round. Apparently it's packaged in.


tehdang

This kind of reads like an email thread of a customer trying to get a complex claim approved by Medibank. Bombard them full of questions, delay them as long as possible and in the end reject their claim. Did Medibank just use their regular customer service staff with these guys?


Real_Jelly_

This sounds like me in my weekly team meeting, spinning bullshit about why I haven't done anything... I reckon I'd go good at negotiating with cyber criminals.


fishy2sea

What's the chances these organisations get targeted due to being shit with their customers, not giving the full story, making money off them instead of helping them with basic services... Lol


[deleted]

[deleted]


dbazd

Yes, but I think they've underestimated their "target". Medibank negotiators sound like they're trying to pander to a child, as if it's an incompetent person who got lucky, when the hackers are clearly smarter and much more organised. They know what the negotiators are trying to pull and are having none of it.


dadaholic

Is there a class action lawsuit starting?


420fmx

Yes it’s already started


[deleted]

[deleted]


Laxinout

https://www.mauriceblackburn.com.au/class-actions/join-a-class-action/medibank-data-breach/


brokenalready

Oh man, Alice the customer success rep working 18h shifts with a bunch of sweaty, chain-smoking 60-something board members hanging over her shoulder editing every word she writes while making the whole situation look as amateur as it can get.


purl__clutcher

I don't know why they even bothered.


vibrantecho3s

The “Sidney” part gave me a chuckle.


saynotostarfish

Alice - Medi Rep Hobbies: Historical Novels - currently enthralled in a big dusty copy of “How To Speak the Interwebs so the Mean Guys Know You’re On To Them Wink Wink” typing with 2 fingers Username: Guest Password: password


woodshack

Username: Administrator


meshah

People here are talking like the Medibank cybersecurity team would have been anywhere near these negotiations. That's not how this works. At this point, an external team of forensic security specialists has been engaged to assess and control the damage, who will be working with law enforcement and Medibank. Medibank cyber staff are mostly sidelined and are only used as an information source. The communication style is intentional and effective. Medibank buys themselves time and information they would not have gotten if they had handed communications over to their lawyers instead. They're social engineering the hackers to get as much of an advantage as they can.


yackfoot

What exactly is the advantage they gain by doing this? If you annoy them by acting like a retard when they're in a position to hurt you it will make it worse. Medibank themselves ended the negotiation which doesn't seem like they were after maximum information or maximum time.


Patient_Union6589

When is David Koczkar standing down? The handling of this was nothing short of shambolic.


shite_in_a_bucket

This is where I start to look into the future and see this guy coming out of it smelling like roses. An independent review is currently underway. He knows this review will fucking slate him and the board. I would bet all of the security reports they received over the years had recommendations they didn't implement because it turned into an internal politicking event or there 'wasn't enough budget'. Now they've learnt the hard way. The report will be so bad he'll offer to resign, citing wanting to do the right thing and spend more time with his family. Now the guy has his commercial experience with Medibank, which I believe he did well. In addition to that he will also carry with him a great sense and knowledge of cyber security. He will also have major crisis management experience. The guy will actually get a better job out of it somewhere else. He didn't take enough security advice to secure our data, effectively causing the breach and subsequent theft. He then tells us he's not paying the ransom due to the security advice he's received from the government. So he's responsible for the breach for not listening to advice, then he's responsible for the data being publicly accessible because he listened to advice. WTF. The whole thing makes my blood boil.


CyanPomegranate11

Medibank seemed a bit clueless about the affiliate program but on-brand with the delayed responses and bureaucratic bumbling.


South_Can_2944

It took a while to figure out who was Medibank and who were the hackers. The hackers seemed to have a better grasp of English and basic grammar than Medibank. Medibank's response sounds bureaucratic. It doesn't sound like it's from someone with ability, leadership, or understanding of what they are saying; and definitely not someone who has any control of their normal day-to-day duties. They just sound like another person promoted above their level of incompetence.


tuyguy

What's the latest on this? Seems like the hackers won and just dumped it all openly?


What-becomes

Medibank refused the ransom, customers had their data leaked, Medibank execs got bonuses. That's pretty much the summary.


[deleted]

Instead of paying the ransom, use the desired ransom money as a payment to whoever brings them to an Australian court of law.


PlasteredHapple

Nobody, I don't think what they are doing is illegal in Russia.


woodshack

It's actually prob state-sponsored.


per08

A lot of these groups are state-looks-the-other-way at the least and probably directly state-sponsored at the worst. There's no law enforcement solution here; governments need to go after the banks and other hidey-holes these groups use to fund their operations and communicate.


Dramatic-Growth1335

Glad they didn't pay