Australia has taken action against a Russian individual, Aleksandr Ermakov, for his alleged involvement in a 2022 ransomware attack on Medibank, a major private health insurer.
This marks Australia’s first use of cyber sanctions. The attack compromised sensitive data of 9.7 million Medibank customers, including names, birth dates, medical details, and Medicare numbers. Some records were published on the dark web.
The Australian government, after an 18-month investigation, collaborated with international agencies, including the FBI, NSA, GCHQ, and companies like Microsoft and Medibank.
Ermakov, identified as a member of the Russian ransomware gang REvil, faces criminal charges. Providing assets to him or dealing with his assets, including cryptocurrency or ransom payments, is now an offense punishable by up to 10 years' imprisonment.
Additionally, a travel ban has been imposed on Ermakov. The investigation revealed that the cyberattack was likely linked to REvil, known for previous large-scale attacks. The Medibank incident involved stolen data from Australian and international customers, with an initial ransom demand of $10 million. Although the demand was lowered to $9.7 million, Medibank refused to pay.
Australia’s authorities emphasized the importance of not paying ransoms to cybercriminals, stating that payment neither guarantees data recovery nor prevents further attacks, and that it makes the country a bigger target. Investigations into other individuals connected to the attack are ongoing.
The public naming of Ermakov is seen as a significant step to disrupt his activities, considering cybercriminals’ reliance on anonymity. The government believes this action will have a substantial impact on Ermakov and serve as a deterrent.