Ransomware BlogXX

The BlogXX ransomware group recently emerged with the theft of patient data from Medibank, an Australian health insurer, on October 12.

According to authorities, the hacker group behind this attack is linked to the Russian hacker gang known as REvil. BlogXX is believed to be a variant of the latter, which was suspended from operations with the intervention of law enforcement in 2021.

Although it is a revised version of the REvil ransomware, and despite the arrests that followed that group's takedown, BlogXX operates under the RaaS (Ransomware-as-a-Service) model. This allows any would-be cybercriminal who obtains the ransomware to carry out an attack.

In addition to encrypting system data, the BlogXX ransomware includes tools that exfiltrate operational data to a server controlled by the attacker group. This is known as double extortion.

In this way, victims are threatened on two fronts: their data is encrypted and unusable, and their confidential files may be leaked onto the internet.

The Australian insurer Medibank Private was the recent victim of this criminal group, which is demanding no less than USD $10 million in exchange for its silence.

Faced with Medibank’s refusal to pay the ransom, “BlogXX” went further than releasing data such as phone numbers or passport numbers of current and former clients of the company.

Several patients had their personal data disclosed on the dark web through a file called “Abortions”. It contains cases of miscarriages, non-viable pregnancies and other procedures.

The Medibank group has once again apologised to its customers and firmly maintained that it will not collaborate with cybercriminals in this ransomware case.

Obviously, dealing with criminals and giving in to ransom demands is dangerous and irresponsible, as it feeds the ransomware ecosystem.

Recover files encrypted by BlogXX ransomware

Today, there are methods other than paying the ransom to recover data encrypted by BlogXX ransomware.

Digital Recovery specialises in recovering data that has been encrypted by ransomware.

It can also handle almost all forms of storage device, including memory, RAID systems, servers, databases and more.

For security reasons, and because we understand that a company’s data must remain private, we offer all our clients a confidentiality agreement (NDA).

Our team of professionals is available 24 hours a day, 7 days a week. Do not hesitate to contact us to take care of the recovery of your encrypted data.
