Reuters has reported that Medibank, Australia's biggest health insurer, said no ransom payment will be made to the criminal responsible for a recent data theft, in which the data of around 9.7 million current and former customers was compromised. Highlighting findings of the firm's investigation to date, Medibank confirmed that names, dates of birth, addresses, phone numbers, and email addresses for around 9.7 million current and former customers were accessed in the data theft.
Rebecca Moody, head of data research at Comparitech, commented:
“According to the data collated through our Worldwide Ransomware Tracker, just less than 18 percent of ransom demands have been paid (where companies confirm whether or not they have paid). However, companies are far more likely to confirm they haven't paid than if they have, as many feel admitting to paying ransoms leaves them exposed to future attacks.
Companies may feel they have no choice but to pay a ransom if their systems are crippled by the attack and they are forced offline for an indefinite period of time. Fortunately, Medibank's systems seem to have been largely unaffected by the attack, which may have helped in the decision not to pay the ransom.
However, choosing not to pay often results in stolen data being published for sale on the dark web/hacker's forums. In the case of Medibank, this could mean that the data of nearly 10 million customers will be exposed by the hackers. Medibank may then face the cost of offering identity theft protection services for its customers. This cost, alongside other mediation efforts, could exceed the ransom demand from the hackers. The amount demanded from Medibank is still unknown but, according to our latest data, the average ransom demand for 2022 is $6.26 million.
However, as Medibank states, paying a ransom does not guarantee that the data will be destroyed and/or customer records will not be exploited.”