The Australian government [1] [3] [4] [5] [6], acting in coordination with the United States and the United Kingdom [6], has imposed sanctions on Russian national Aleksandr Ermakov [2], making it a criminal offence to provide him with assets or to deal with his assets. Ermakov is accused of carrying out the October 2022 breach of the Medibank Private network [2], in which the personal and health data of approximately 9.7 million current and former customers was stolen.

Description

Ermakov gained access to Medibank’s network in October 2022 and exfiltrated personally identifiable information and sensitive health data, including names [1], dates of birth [1] [3], passport numbers [3], medical claims information [3] [6], and records relating to abortions and alcohol-related illnesses [3]. When Medibank refused to pay a $10 million ransom [3], the stolen data was published on the dark web. Australia has now publicly named Ermakov and imposed cyber sanctions on him for his alleged role in the ransomware attack on Medibank Private Limited.

Ermakov is believed to be linked to the Russia-based ransomware group REvil [3] [6], which has been tied to ransomware deployments on approximately 175,000 computers worldwide and to at least $200 million in ransom payments [3]. REvil was previously linked to the 2021 supply-chain attack on Florida-based managed service provider Kaseya [3].

Under the Autonomous Sanctions Act 2011 [4], Australia has imposed a cyber sanction on Ermakov [4]. The sanction carries a travel ban and makes it a criminal offence to provide assets to him or to deal with his assets [1] [5]. The decision, announced by Defence Minister Richard Marles, is seen as a significant step in combating cyber threats and sends a strong message to cyber criminals. The investigation into the attack drew on cooperation between Australian and international intelligence agencies [5] and on companies including Microsoft and Medibank [5].

Sanctioning one individual will not halt REvil’s operations, but publicly naming Ermakov is expected to hinder his activities [5]. Investigations into other individuals connected to the attack are ongoing. Australian authorities advise against paying ransoms, since payment neither guarantees recovery of the data nor prevents further attacks [5].

Conclusion

The Australian government’s use of its cyber sanctions powers against Ermakov, the first time those powers have been invoked [1], is a significant step in combating cyber threats. It demonstrates Australia’s seriousness in addressing such attacks and sends a strong message to cyber criminals. The breach of Medibank Private’s network compromised the personal and health data of approximately 9.7 million current and former customers, underlining the need for robust security controls around health data.

The collaboration between Australian and international intelligence agencies [5], and with companies such as Microsoft and Medibank [5], shows the value of cooperation in investigating and mitigating cyberattacks. Even if the practical impact of the sanctions on Ermakov and REvil is limited, they are a necessary step towards holding cyber criminals accountable.

The United States [3] [6] and the United Kingdom [1] [6] have imposed their own sanctions on Ermakov, reinforcing the coordinated international response. Investigations into the hack and the identification of all individuals responsible will continue, with the involvement of the United States [1], the United Kingdom [1] [6], and Microsoft [1].

Australia’s response to the Medibank data breach underlines both the severity of the threat and the need for proactive measures to protect sensitive information.

References

[1] https://amp.smh.com.au/politics/federal/identity-of-medibank-hacker-confirmed-government-invokes-cyber-sanctions-20240123-p5ezbl.html
[2] https://www.theguardian.com/australia-news/video/2024/jan/23/australia-sanctions-russian-aleksandr-ermakov-over-medicare-hack-video
[3] https://techcrunch.com/2024/01/23/us-sanctions-russian-citizen-accused-of-playing-key-role-in-medibank-ransomware-attack/
[4] https://www.infosecurity-magazine.com/news/australia-russian-hacker-medibank/
[5] https://www.cnn.com/2024/01/23/tech/medibank-attack-australia-sanction-revil-intl-hnk/index.html
[6] https://home.treasury.gov/news/press-releases/jy2041