Australia sanctions a Russian national over his alleged role in the Medibank hack and data leak
Australia has publicly identified and imposed cyber sanctions on a Russian national, Aleksandr Ermakov, for his alleged involvement in a 2022 ransomware attack on Medibank, one of Australia’s largest private health insurers. This marks Australia’s first use of cyber sanctions. The attack compromised sensitive personal data from 9.7 million customers, including names, dates of birth, medical information, and Medicare numbers, with some records published on the dark web.
The sanctions criminalize providing assets to Ermakov, dealing with his assets, or making ransomware payments, punishable by up to 10 years’ imprisonment. The government has also implemented a travel ban on Ermakov. The investigation involved collaboration between Australian and international agencies, including the Australian Signals Directorate, Australian Federal Police, FBI, NSA, GCHQ, Microsoft, and Medibank.
The attack on Medibank, linked to the Russian ransomware gang REvil, prompted Australia to emphasize that ransoms should not be paid to cybercriminals. In response, Australia worked with various agencies and companies over 18 months to unmask those responsible. Naming Ermakov is expected to impact his activities and underscores the government’s commitment to combating cyber threats. Investigations into other individuals linked to the attack are ongoing.
The stolen data affected not only Australian customers but also 1.8 million international customers. An initial ransom demand of $10 million was made but later lowered to $9.7 million, which Medibank refused to pay. The Australian government’s move is part of a broader effort to deter cybercriminals and highlight the consequences of such attacks.