Sanctioning a Russian Cyber Criminal


(FILE) A woman walks past a branch of the Australian health insurer Medibank, the target of attacks by a Russian cybercriminal.

“Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries,” said Under Secretary of the Treasury Brian E. Nelson.

In October 2022, Medibank, one of Australia’s largest private health insurance providers, was attacked by Russian cyber-criminals who hacked into its computer system, stole sensitive personal data of 9.7 million customers and demanded an enormous ransom for it. When Medibank refused to pay the ransom, the hackers published much of the stolen data on the dark web.

On January 23, the Australian government sanctioned Russian national Aleksandr Ermakov, a member of the REvil ransomware operation, for playing a pivotal role in the ransomware attack against Medibank.

On January 24, the United States and the United Kingdom, in solidarity with Australia, also designated Aleksandr Ermakov, because he poses a similar risk to the United States and the UK.

This was the first trilateral action by which the United States, Australia and the United Kingdom used their respective cyber sanctions regimes. It unambiguously demonstrated that the United States stands with its partners to disrupt ransomware actors who victimize the backbone of our economies and critical infrastructure.

Ransomware attacks against healthcare firms, which are frequent targets of these crimes in the United States, present risks to patient care, safety, and sensitive personally identifiable data.

Russia is known to provide a safe haven to ransomware actors, including the REvil group, and enables ransomware attacks by cultivating and co-opting criminal hackers who have launched disruptive ransomware attacks against the United States and allied countries. It shields cyber-criminals like Ermakov, enabling him and others like him to freely launch ransomware attacks and other malicious cyber activities from Russia.

Exposing Ermakov’s identity as a cyber-criminal makes it easier for law enforcement agencies around the world to keep track of his activities, as well as to make note of his associates.

As a result of the designation, all of Aleksandr Ermakov’s property and interests within the reach of the United States government are frozen. Also, no U.S. citizen may engage in transactions with Ermakov, or help or support him in any way.

“Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data,” said Under Secretary of the Treasury Brian E. Nelson. “Today’s trilateral action with Australia and the United Kingdom, the first such coordinated action, underscores our collective resolve to hold these criminals to account.”
