TLDR
After ransomware encryption, attackers post a sample of stolen records on a dark web leak site (LockBit, Akira, Black Basta, Hunters International) and email victims of the breach demanding A$1,500-A$5,000 in BTC to 'remove' their data....
How it works
After ransomware encryption, attackers post a sample of stolen records on a dark web leak site (LockBit, Akira, Black Basta, Hunters International) and email victims of the breach demanding A$1,500-A$5,000 in BTC to 'remove' their data....
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- Australia's SOCI Act + Cyber Security Act mandate reporting of ransomware payments to ACSC within 72h.
- IF VICTIM ORGANISATION: notify OAIC within 30 days under Notifiable Data Breach scheme, report to ACSC ReportCyber, engage DR retainer, comply with mandatory ransom payment reporting.
Source
ACSC
Source reviewed by Mythos Forensic Team
https://www.cyber.gov.au/threats/types-threats/ransomware
FAQ
Is "Ransomware extortion — Medibank-style data leak threats (Australia)" a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
- Australia's SOCI Act + Cyber Security Act mandate reporting of ransomware payments to ACSC within 72h.
- IF VICTIM ORGANISATION: notify OAIC within 30 days under Notifiable Data Breach scheme, report to ACSC ReportCyber, engage DR retainer, comply with mandatory ransom payment reporting.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.