The BlogXX ransomware group recently emerged with the theft of patient data from Mediabank, an Australian health insurer, on October 12.
According to authorities, the hacker group behind this attack is linked to the Russian hacker gang known as REvil. BlogXX is believed to be a variant of the latter, which was suspended from operations with the intervention of law enforcement in 2021.
Although a revised version of the Revil ransomware and despite some arrests, BlogXX uses the Raas (Ransomware-as-a-Service) system. This allows any would-be cybercriminal possessing this ransomware to be able to carry out an attack.
In addition to encrypting system data, the BlogXX ransomware has tools that steal functional data to a secure server belonging to the attacker group. We call this double extortion.
In this way, victims find themselves threatened on two fronts: encrypted, unusable data as well as the danger of confidential files leaking out onto the internet.
The private Australian Mediabank Group was the recent victim of this criminal group. They are demanding no less than USD $10 million in exchange for their silence.
Faced with Mediabank’s position of not paying the ransom, in addition to releasing data such as phone numbers or passport numbers of current or former clients of the company, “BlogXX” went further.
Several patients had their personal data disclosed on the Dark Web through a file called “Abortions”. In it one finds cases of miscarriages, non-viable pregnancies and others.
The Mediabank group has once again apologised to its customers and firmly maintained that it does not collaborate with cyber criminals in this case of ransomware.
Obviously, dealing with criminals and responding positively to ransom demands is a dangerous and irresponsible act as it feeds the ransomware attack system.
Recover files encrypted by BlogXX ransomware
Today, there are other methods to recover data encrypted by BlogXX ransomware.
Digital Recovery is an expert at recovering data that has been encrypted by ransomware.
It can also handle almost all forms of storage devices, including memory, RAID systems, servers, databases and more.
For security reasons and because we are aware that a company’s data must remain private, we provide all our clients with access to a confidentiality agreement (NDA).
Our team of professionals is available 24 hours a day, 7 days a week. Do not hesitate to contact us to take care of the recovery of your encrypted data.