Russian Citizen Sanctioned By US, UK, Australia Over Medibank Hack

Authorities in the United States, the United Kingdom, and Australia have identified a Russian national involved in the devastating 2022 hack of an Australian health insurer.

On Tuesday the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), in co-ordination with Australia and the United Kingdom, “designated Alexander Ermakov (Ermakov), a cyber actor who played a pivotal role in the 2022 ransomware attack against Medibank Private Limited, an Australian healthcare insurer.”

In October 2022 Medibank Private confirmed a ‘cyber incident’ in which hackers stole 200GB of Australian patient data, including names, addresses, phone numbers, dates of birth, financial data, and in some cases actual medical data.

Russian hacker

The hackers managed to obtain the health data of 9.7 million past and present customers, including 1.8 million international customers.

The stolen files include health claim data for almost half a million people, including 20,000 people based overseas.

In November 2022 the Australian Federal Police (AFP) Commissioner said investigators knew the identity of the individuals responsible for the attack on Medibank, but declined to name them.

But unfortunately the Russian cyber criminals began releasing tranches of customer data onto the dark web, including details of HIV diagnoses and drug abuse treatments, after Medibank refused to pay a ransom.

The hackers categorised the files with titles such as good-list, naughty-list, abortions and boozy. This last category was for those patients who sought help for alcohol dependency.

“Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data,” said Under Secretary of the Treasury Brian E. Nelson on Tuesday. “Today’s trilateral action with Australia and the United Kingdom, the first such co-ordinated action, underscores our collective resolve to hold these criminals to account.”

Sanctioned Ermakov

Australia has sanctioned Ermakov for utilising ransomware to attack the Medibank network and for the exfiltration of sensitive data of 9.7 million users of Medibank services.

The United States and the United Kingdom, in solidarity with Australia, also took action against the same individual because of the similar risk presented by this actor to the United States and the UK.

The sanctions make it a criminal offense, punishable by up to 10 years’ imprisonment, to provide assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

It also means that all property and interests in property of Ermakov, if located in the US, UK, or Australia, or in the possession or control of their citizens, must be blocked and reported to OFAC.

In addition, any entities owned, directly or indirectly, by one or more blocked persons are also blocked.

And any persons that engage in certain transactions with Alexander Ermakov may themselves be exposed to sanctions.

REvil hackers

All three nations state that in October 2022, Ermakov infiltrated the network of Medibank, one of Australia’s largest private health insurers.

Ermakov and the other actors behind the Medibank hack are believed to be linked to the notorious Russia-backed cybercrime gang REvil.

The US has previously sanctioned two individuals for perpetrating Sodinokibi/REvil ransomware incidents against the United States.

Russia has previously taken some ‘action’ against REvil.

In January 2022, Russian state news agency TASS had reported that at least eight REvil ransomware hackers had been detained by Russia’s Federal Security Service (FSB) at the request of the US.

This was before Russia’s illegal invasion of Ukraine, and the breakdown of relations between Moscow and the West.

The FSB security services reportedly raided 25 addresses and arrested 14 individuals in Moscow, St. Petersburg, Leningrad and Lipetsk.

Tom Jowitt
