Australia has applied cyber sanctions against Aleksandr Gennadievich Ermakov, a Russian national associated with the REvil ransomware group, for his involvement in the 2022 Medibank hack. This marks the inaugural use of Australia’s autonomous cyber sanctions, reflecting the severity of the Medibank data breach that affected over 9 million Australians. The sanctions include targeted financial measures and a travel ban, signaling a strong deterrent against those targeting Australia. Ermakov’s role in the cyberattack was uncovered through the efforts of the Australian Signals Directorate and the Australian Federal Police (AFP). The severity of the breach, which exposed personal details such as names, dates of birth, Medicare numbers, and sensitive information, prompted the decisive action against the implicated individual.
In November 2022, Medibank disclosed that the personal data of approximately 9.7 million current and former customers had been compromised in a ransomware attack. The breach, discovered on October 12, affected data from 5.1 million Medibank customers, 2.8 million ahm customers, and 1.8 million international customers. By early November, threat actors had leaked stolen data associated with around 10 million individuals.
Australian authorities, including the police, investigated the cyberattack and identified Ermakov’s pivotal role in the breach. Despite the REvil group being the target of a police operation, Ermakov has not been apprehended by Russian authorities. The imposition of sanctions, comprising financial restrictions and a travel ban, underscores Australia’s commitment to holding cybercriminals accountable and safeguarding its citizens from such malicious activities.