‘Know who you are’: Medibank hackers traced to Russia
Australia has accused Russia of hosting the “malicious” hackers behind the devastating Medibank breach, with police warning they are closing in on the individuals responsible.
Australian Federal Police commissioner Reece Kershaw blasted the hackers on Friday afternoon, revealing investigations with international agencies such as Interpol had identified the criminals behind the hack.
“We believe that those responsible for the breach are in Russia. Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for passing significant breaches in countries across the world,” he said.
“These cyber criminals are operating like a business, with affiliates and associates who are supporting the business. We also believe that some affiliates may be in other countries.”
Mr Kershaw said international efforts had traced the hackers who had started uploading health data and other sensitive information of up to 10 million Australians to the dark web.
“We believe we know which individuals are responsible … we’ll be holding talks with Russian law enforcement about these individuals,” he said.
“To the criminals, we know who you are – and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system.”
In a pointed message, Mr Kershaw said Russia “benefits from the intelligence sharing and data shared through Interpol, and with that comes responsibilities and accountabilities”.
He said the crime had the potential to impact millions of Australians and damage a significant Australian business.
“This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing.”
Source: AFP
Earlier, the hackers thumbed their noses at the federal government after being warned the toughest “cyber guns” in Australia were coming after them, releasing more sensitive details of customers’ medical records on the dark web overnight.
On Friday, the ransomware group added a file named “Boozy.csv” to the dark web. It appears to contain information related to alcohol issues and follows a data dump on Thursday named “abortions.csv”.
“You telling that is disgusting (woof-woof), that we publish some data,” the group wrote on Friday in the blog.
“But we warned you. we always keep our word, if we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future.”
Prime Minister Albanese revealed earlier on Friday that authorities had traced where the suspected hackers were based.
“I am disgusted by the perpetrators of this criminal act and I’ve certainly authorised the AFP Commissioner later today to disclose where these attacks are coming from,” he said.
“We know where they’re coming from, we know who is responsible and we say they should be held to account.”
The group claimed on Thursday it had demanded a ransom of $US1 for each of Medibank’s 9.7 million affected customers, for a total of $US9.7 million (almost $15 million).
Medibank CEO David Koczkar said he expected the “disgraceful” release of customer data to continue each day.
“It’s obvious the criminal is enjoying the notoriety,” he said.
“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm. These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”
Home Affairs Minister Clare O’Neil said she felt the pain of those affected by the two most recent file drops.
“If there was a damn thing that I could do to put a stop to this, I would do it,” she told Nine’s Today Show on Friday.
“There is an enormous amount of work that has gone into trying to stop harm from resulting from this, trying to wrap our arms around the victims of this horrible crime.”
It’s believed the hackers are using medical reference codes to sift through the data they stole to generate files on specific health issues.
Ms O’Neil also stressed that Australian businesses must awaken to the urgency of the threat posed by hackers.
“We have been in a slumber about cybersecurity threats that face us,” she said.
“We need to wake up from that slumber.”
The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.
Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.
No credit card or banking details were accessed.
Medibank has created a one-stop shop of mental health and other support services that can be accessed by affected customers via its website.
- Lifeline 131 114
- beyondblue 1300 224 636
– AAP