The heartlessness of the hackers behind some of the world’s largest cyber attacks has been revealed, with a warning that Australia could be hit by more hacks.
A hacker claiming to be from the same group that orchestrated the hacks on Medibank has spoken to Four Corners, revealing more about the huge organisations carrying out cyber attacks around the globe.
The hacker they spoke to named Kerasid claimed to be heavily involved in cyber criminal group REvil, short for Ransomware Evil, which carried out a campaign of attacks in 2020 and 2021 that raised at least $US200m.
REvil has been connected to the Medibank hack through the leaking of more than 2000 Australians personal medical data.
Some of the correspondence has revealed startling new information about Australia’s attractiveness as a target.
“Australians are the most stupidest humans alive and they have a lot of money for no reason,” Kerasid said via Telegram messages to Four Corners.
“A lot of money and no sense at all.”
Hackers or “affiliates” break into a cyber system to steal sensitive data before barring the organisation from accessing the files by encrypting them with ransomware.
The criminal organisation then demands a ransom, with negotiators called in to get the largest sum possible, in order for the data to be returned and access to be regranted.
In the Medibank hack, the negotiators contacted the company’s chief executive directly via text to let him know they would release sensitive medical information.
“Hi, as your team is quite shy, we decided to make the first step in our negotiation,” the text read.
“We found people with very interesting diagnoses.”
The hacker seemed to try to use public concern over potential leaks to bolster their demands for money according to director of Risk Advisory John Macpherson.
“In the Medibank case, the hacker seemed to enjoy the media and the notoriety,” he said.
“They seem to think that the negative publicity would be a trigger for Medibank to pay a ransom, when in actual fact it was quite the opposite.”
The hackers then turned to direct threats when it appeared that Medibank was not going to cough up the ransom money.
“In the event of a negative outcome of the negotiations for us. We will do everything in our power to inflict as much damage as possible for you. both financial and reputational,” another correspondence read.
Internal documents from another online gang named Conti that were leaked in February 2022 have revealed how organisations like REvil are structured.
Conti had grown to such a size that it had up to 100 employees including managers and a HR arm that would try to recruit other cyber criminals and coders into its ranks.
Despite the huge sums of money that the organisations are able to rake in, the coders and negotiators at the bottom of the power structure are often paid between $US1000 and $US2000 a month.
They were often subject to harsh working conditions and were even fined for “absenteeism and various mistakes that led to losses”.
Meanwhile, Home Affairs Minister Clare O’Neil said submissions to the 2023-2030 Australian Cyber Security Strategy, the next steps in the government’s defence against hackers, had now closed.
“This discussion paper shows the extent of community support for a bold and ambitious strategy to boost our domestic cyber industry, work with industry leaders, and tackle cyber threats,” Ms O’Neil said.
“The cyber threat is growing every day, as a Government we are committed to increasing Australia’s national cyber resilience and capabilities in tackling these threats, on the road to becoming a world-leader in cyber security by 2030.”
The Department will now review all 280 submissions and identify key initiatives to be included in the strategy, under the guidance of the Expert Advisory Board, chaired by former Telstra CEO Andrew Penn.