Federal parliament passed laws last December to enforce Magnitsky-style sanctions,which include measures to respond to cyberattacks and were named after a whistleblower who died in custody in Moscow in 2009.
“While Australia has yet to use Magnitsky sanctions against perpetrators of serious cyberattacks,this would be a prime candidate,” Paterson said.
REvil takes its name from “ransomware evil” and has a pattern of hacking computer systems,obtaining personal information and threatening to release the details until it receives a ransom – a tactic it is said to have used against major companies as well as Donald Trump,Lady Gaga and Madonna.
Loading
“Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world,” Kershaw told reporters on Friday afternoon. “These cybercriminals are operating like a business with affiliates and associates who are supporting the business.”
The Australian decision to name the home country of the gang is a rare move that highlights concern about the rise in Russian hacking since Putin launched the invasion of Ukraine in February.
Prime Minister Anthony Albanese said he authorised the release of the AFP’s findings because the “disgusting” attacks needed to be condemned.
“We know where they’re coming from,we know who is responsible,and we say that they should be held to account,” he said.
“The nation where these attacks are coming from should also be held accountable for the disgusting attacks,and the release of information including very private and personal information.”
“We know where they’re coming from,we know who is responsible,and we say that they should be held to account.”
Prime Minister Anthony Albanese
The Russian embassy complained that it had not been contacted before the AFP commissioner made his statement and it added that fighting cybercrime needed a cooperative,non-politicised approach.
The embassy did not answer specific questions from this masthead about whether the hackers came from Russia or whether they were supported by the Russian state.
US President Joe Biden said in March that cyberattacks were “part of Russia’s playbook” and that authorities believed the Russian government was exploring options for potential cyberattacks.
Loading
REvil began as a group that offered “ransomware as a service” so its hackers could be hired by others to target systems and demand a payment,but it has made a series of attacks in its own right.
The group was said to have been dismantled by Russian authorities in March,butexperts believe it has restarted its operations.
Medibank chief executive David Koczkar said the company expected the hackers to release new data daily as part of their demands.
“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” he said.
Loading
Home Affairs Minister Clare O’Neil told Nine’sToday show that she has had some “direct conversations” with Medibank about the company’s failure to protect customers’ confidential information.
“I would say across the Australian community,we have been in a slumber about cybersecurity threats that face us,” she said.
“We need to wake up from the slumber. This is the crime type of the future.”
The REvil group claimed on Thursday it had demanded a ransom of $US1 for each of Medibank’s 9.7 million affected customers,for a total of $US9.7 million ($15 million).
Cut through the noise of federal politics with news,views and expert analysis from Jacqueline Maley. Subscribers can sign up to our weeklyInside Politics newsletter here.