The Australian government has publicly named a Russian cybercriminal as responsible for the Medibank data breach, which affected 9.7 million people.
Russian national Aleksandr Ermakov, 33, has been issued a cyber sanction under the Australian Autonomous Sanctions Act 2011 for his role in the incident in 2022.
The cyber-attack led to the publication of 9.7 million records on the dark web. This contained the personal information of Australian citizens, including names, dates of birth, Medicare numbers, and other sensitive medical data.
Following the attack, the health insurer refused to pay the attackers’ ransom demand, while the Australian government announced that it was considering banning ransomware payments in response to the incident.
The sanctions mean that it is now a criminal offense to provide assets to Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments. These offenses are punishable by up to 10 years’ imprisonment and heavy fines.
Ermakov is also banned from travelling to, or remaining in, Australia.
It is the first time a sanction has been imposed by the Australian government under the 2011 statute.
Read here: Cyber Sanctions: An Effective Weapon or Just Posturing?
Deterring Cyber Threat Actors
Ermakov was linked to the breach following a law enforcement investigation named Operation Aquila. This involved the Australian Signal Directorate (ASD) and the Australian Federal Police alongside other Commonwealth agencies and international partners.
The Australian government has taken the action as part of its commitment to deter and respond to malicious cyber activity in the 2023-2030 Australian Cyber Security Strategy.
Australia’s Minister for Foreign Affairs, Penny Wong, commented: “The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians.
“The Albanese Government will continue to hold cybercriminals to account.
“This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe.”
The government urged all Australian individuals and businesses to strengthen their cybersecurity measures against increasing attacks. It also re-emphasized its guidance that ransom payments should never be paid.
Minister for Home Affairs and Minister for Cyber Security, Clare O’Neil, said: “Our strong advice to businesses is never pay the ransom. Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks. It also makes Australia a more attractive target for criminal groups.”
Update January 23, 2024: The UK and US governments have announced that they will be joining Australia in sanctioning of Ermakov as part of efforts to create more coordination in dealing with international cybercriminals.
In a statement, US Under Secretary of the Treasury Brian E. Nelson said: “Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data.
“Today’s trilateral action with Australia and the United Kingdom, the first such coordinated action, underscores our collective resolve to hold these criminals to account.”