The U.S. authorities sanctioned a Russian nationwide for allegedly taking part in a “pivotal function” within the ransomware assault in opposition to Australian medical health insurance large Medibank that uncovered the delicate data of just about 10 million sufferers.
33-year-old Alexander Ermakov, who has additionally been sanctioned in Australia and the UK, stands accused of infiltrating Medibank’s community in October 2022 to steal personally identifiable data (PII) and delicate well being information linked to roughly 9.7 million clients.
This information, which was revealed on the darkish net after Medibank refused to pay the hackers’ $10 million ransom demand, included clients’ names, delivery dates, passport numbers, data on medical claims, and delicate recordsdata associated to abortions and alcohol-related sicknesses. The breach is believed to have impacted a number of high-profile Medibank clients, together with senior Australian authorities lawmakers.
Ermakov was first named on Tuesday by the Australian authorities, which has “labored tirelessly over the previous 18 months to unmask these liable for the cyberattack on Medibank,” Richard Marles, deputy prime minister and protection minister, mentioned in an announcement.
The U.S. Treasury Division sanctioned Ermakov shortly after the Australian authorities imposed first-of-its-kind sanctions in opposition to the Russian nationwide. These sanctions, the primary to be issued below Australia’s new cyber sanctions framework, make it a felony offense, punishable by as much as 10 years imprisonment and heavy fines, to supply property to Aleksandr Ermakov or to make use of or cope with his property, together with by cryptocurrency wallets or ransomware funds.
Ermakov and the opposite hackers behind the Medibank breach are believed to be linked to the Russia-backed cybercrime gang REvil, which was beforehand linked to the 2021 hack of Florida-based managed service supplier Kaseya that encrypted hundreds of its clients’ networks.
In response to the U.S. Treasury, REvil ransomware has been deployed on roughly 175,000 computer systems worldwide, garnering at the least $200 million in ransom funds.
In January 2022, Russia’s Federal Safety Service (FSB) intelligence company mentioned it had detained a number of folks related to REvil on the request of the U.S. authorities. The FSB’s shock operation got here simply months after the U.S. Division of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang resulting from his alleged function within the Kaseya assault.
