The US government has sanctioned a Russian national for allegedly playing a “key role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of nearly 10 million patients.
33-year-old Alexander Ermakov, who has also been sanctioned in Australia and the UK, is accused of infiltrating the Medibank network in October 2022 to steal personally identifiable information (PII) and sensitive health data associated with approximately 9.7 million customers.
That data, which was published on the dark web after Medibank refused to pay the hackers’ $10 million ransom demand, included customer names, dates of birth, passport numbers, medical claims information and sensitive records related to abortions and alcohol-related illnesses. The breach is believed to have affected several high-profile Medibank customers, including senior members of the Australian government.
Ermakov was first named on Tuesday by the Australian government, which has “worked tirelessly over the past 18 months to uncover those responsible for the Medibank cyberattack,” Richard Marles, deputy prime minister and defense minister, said in a statement.
The US Treasury sanctioned Ermakov shortly after the Australian government imposed first-of-their-kind sanctions against the Russian national. These sanctions, the first issued under Australia’s new cyber sanctions framework, make it a criminal offense, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or manage his assets, including through cryptocurrency wallets or ransomware payments.
Ermakov and the other hackers behind the Medibank breach are believed to be linked to the Russian-backed cybercrime gang REvil, which was previously linked to the 2021 hack of Florida-based managed services provider Kaseya that encrypted thousands of its customers’ networks.
According to the US Treasury Department, the REvil ransomware has been deployed on approximately 175,000 computers worldwide, collecting at least $200 million in ransom payments.
In January 2022, Russia’s intelligence service, the Federal Security Service (FSB), said it had arrested several people associated with REvil at the request of US authorities. The FSB’s surprise operation came just months after the US Department of Justice indicted a 22-year-old Ukrainian national linked to the REvil ransomware gang over his alleged role in the Kaseya attack.