Harry Perkins Institute of Medical Research targeted in major cyberattack

Harry Perkins Institute of Medical Research targeted in major cyberattack | Insurance Business Australia

Cyber

Ransomware group posts 4.6 terabytes of data

Cyber

By
Roxanne Libatique

Perth’s Harry Perkins Institute of Medical Research has been hit by a cyberattack, with hackers claiming to have released a substantial amount of data after the institute declined to pay a ransom.

According to a report from WA Today, a ransomware group known as Medusa has announced that it has posted 4.6 terabytes of data, including footage from internal security cameras, on the dark web.

While the team has confirmed the data theft, it has not verified the publication of the data. A spokesperson informed WA Today that no patient data, research information, or data related to donors and supporters were compromised.

“We remain committed to protecting the information of all of our donors, researchers, staff, and partners, and we apologise for any inconvenience that this incident may have caused,” the spokesperson for the institute said, as reported by WA Today.

Medusa had demanded a ransom of more than $700,000, with a deadline enforced by a countdown clock on its dark web blog. When the deadline expired on Friday, the group claimed to have released the data.

“Our ongoing investigation identified evidence that indicates a subset of files has been taken from this system,” the spokesperson said. “We are now aware of a claim that this information has been published online by an unauthorised third party. We are urgently investigating this claim and the nature and extent of the published files.”

Cybercrime is on the rise

Associate Professor Mihai Lazarescu, a cybersecurity expert, noted that cybercrime is on the rise and can be more profitable than drug trafficking.

“[This theft] invites more scrutiny, so if this group managed to get video feeds and other information, there will be others wondering, ‘What else can we get?’” he told WA Today.

He explained that hackers often target high-profile organisations to market themselves as available for hire in the cybercrime industry. He pointed out that the public only hears about a small fraction of these attacks.

“People need to understand crime is being commoditised; you have groups that are quite happy to pay people with particular skills to develop malware and you deploy the malware, either ransomware or to get more information,” he said.

The Harry Perkins Institute has reported the incident to the Australian Cyber Security Centre and WA Police.