Home Affairs Minister Clare O'Neil and Federal Attorney-General Mark Dreyfus made the announcement jointly on Saturday, a day after the AFP commissioner Reece Kershaw claimed that those behind the ransomware attack on medical insurance provider Medibank Group were based in Russia. Ransomware generally attacks only systems running Microsoft's Windows operating system.
O'Neil, who is also responsible for online security, said: "This is the formalisation of a partnership, a standing body in the Australian Government, which will day in, day out, hunt down the scumbags who are responsible for these malicious crimes against innocent people.
"Around 100 officers across these two organisations will be a part of this permanent Joint Standing Operation. They will show up to work every day with the goal of bringing down these gangs and thugs.
The Medibank attack is one of about 10 that have been reported recently and was announced on 14 October. When it first announced its systems had been breached, Medibank said there was no indication of any sensitive data having leaked. Later, it said the data stolen was limited to ahm and international students. Even later, it said data of all its 3.9 million customers could have been taken.
And finally, on 27 October, the company said patient information from My Home Hospital, a joint venture between Calvary and Medibank implemented on behalf of Wellbeing SA and the South Australian Government, had also been accessed by the attacker(s).
While the two ministers and Kershaw did not name any group as being behind the attack, the ABC claimed that the people responsible are the REvil ransomware gang. This does not seem possible as the outfit was taken offline by intelligence agencies and law enforcement from the US and a number of its allies in October 2021.
The website Bleeping Computer, which specialises in reporting on ransomware, had this to say: "However, in April 2022, the operation's original Tor websites mysteriously began redirecting visitors to new websites for what is called the 'BlogXX' operation. In private negotiations with victims, these threat actors call themselves Sodinokibi, a name previously used by the original REvil operation.
"Furthermore, security researchers have confirmed that the new operation's encryptor was based on the source code of REvil's encryptor.
"Due to the website redirects and code similarities, the new operation is considered by some to be a relaunch of the REvil operation, either by the developers or other members. However, security researcher MalwareHunterTeam believes this group is BlogXX, a new operation linked to REvil."
O'Neil did not provide any date on which the task force would begin operating. There is a huge shortage of qualified network security professionals in the industry right now.