Ransomware BlogXX

The BlogXX ransomware group recently emerged with the theft of patient data from Mediabank, an Australian health insurance company, on October 12.

According to authorities, the hacker group behind this attack is linked to the Russian hacker gang known as REvil. BlogXX is believed to be a variant of REvil, whose operations were suspended following law enforcement intervention in 2021.

Although it is a revised version of the REvil ransomware, and despite some arrests, BlogXX uses the RaaS (Ransomware-as-a-Service) model. This allows any aspiring cybercriminal who obtains the ransomware to carry out an attack.

In addition to encrypting system data, the BlogXX ransomware has tools that exfiltrate functional data to a secure server belonging to the attackers' group. This is known as double extortion.

In this way, victims are threatened on two fronts: their data is encrypted and unusable, and their confidential files are at risk of being leaked onto the Internet.

The private Australian Mediabank Group was the recent victim of this criminal group. The attackers are demanding no less than USD 10 million in exchange for their silence.

Faced with Mediabank's refusal to pay the ransom, "BlogXX" went beyond releasing data such as phone numbers or passport numbers of current or former customers of the company.

Several patients had their personal data disclosed on the Dark Web through a file called “Abortions”. It contains cases of miscarriages, unviable pregnancies, and others.

The Mediabank Group has once again apologized to its customers and firmly maintained that it does not collaborate with cybercriminals in this case of ransomware.

Obviously, dealing with criminals and responding positively to ransom demands is dangerous and irresponsible as it feeds the ransomware attack system.

Recover Files Encrypted by BlogXX Ransomware

Today, there are other methods to recover data encrypted by BlogXX ransomware.

Digital Recovery is an expert at recovering data that has been encrypted by ransomware.

It can also handle almost all forms of storage devices, including memory, RAID systems, servers, databases, and more.

For security reasons and because we are aware that a company’s data must remain private, we provide all of our customers with access to a confidentiality agreement (NDA).

Our team of professionals is available 24 hours a day, 7 days a week. Don’t hesitate to contact us to take care of your encrypted data recovery.
