Pierluigi Paganini January 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022.

The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank.

“This morning I can announce that Australia has used cyber sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank Private network. As you might recall, more than 9 million records of Australians, including names, dates of birth, Medicare numbers and sensitive information were stolen in the 2022 attack, and the majority published on the dark web. It was an egregious violation, it impacted some of the most vulnerable members of the Australian community. I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP we have linked Russian citizen and cyber criminal Aleksandr Ermakov to the attack.” said Penny Wong, Foreign Minister. “The sanctions imposed are targeted financial sanctions and a travel ban. This will mean it is a criminal offence punishable with up to 10 years’ imprisonment to provide assets to Ermakov, or to use or deal with his assets including through cryptocurrency wallets or ransomware payments. This is the first time Australia’s autonomous cyber sanctions have been used. It sends a clear message that there are costs and consequences for targeting Australia and for targeting Australians. “

In November 2022, Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack.

Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.

The company discovered the ransomware attack on October 12, the attackers had access to data belonging to around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers.

In early November 2022, the threat actors leaked stolen data associated with roughly 10 million individuals.

Australian police investigated the case and discovered that Ermakov had a crucial role in the hack of the company. The Home Affairs and Cyber Security Minister of Australia has affirmed that Ermakov was not apprehended by Russian authorities in connection with the police operation targeting the REvil group.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)