Australia’s government has used the “significant cyber incidents” sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.
The 2022 incident saw Medibank attacked by ransomware, and data on around ten million customers leaked, some of it to the dark web. Stolen info included details of medical treatments undergone by around half a million Medibank Private customers. The names, dates of birth, addresses, phone numbers and email addresses of 9.7 million customers were also stolen.
The REvil crime gang was named as the likely perpetrator of the attack, and Australian authorities accused Russia of harboring the group.
On Tuesday the government went a step further, naming Aleksandr Ermakov as linked to the incident, adding that Australia’s Federal Police and sigint agency the Australian Signals Directorate “continue to pursue other leads.”
Australia has slapped Ermakov with its significant cyber incidents sanctions – a scheme launched in 2021 that allows travel bans and financial sanctions on folks felt to be involved in cyber incidents that aim to harm Australia or other nations.
Ermakov is not allowed to travel to Australia. Up to ten years’ jail and big fines await anyone who deals with or provides him with assets, including through cryptocurrency wallets or ransomware payments.
Australia’s list of sanctioned individuals gives the accused’s full name as Aleksandr Gennadievich Ermakov and states that he’s used the handles “aiiis_ermak,” “blade_runner,” “JimJones,” and “GustaveDore.”
The last is revealing: it’s the name of a significant 19th-century French artist.
The name “Aleksandr Ermakov” is also shared: we found a Russian actor, footballer, and handball player with the same name.
Whoever Ermakov really is, he's therefore likely unfazed by Australia publishing this name. And of course Australian authorities have no way of making Moscow act against the alleged cyber villain.
Announcing the name of a suspect does, at least, offer some solace for Australians, who since late 2022 have endured several high-profile cyber incidents at major businesses.
Singapore-owned telco Optus has the worst record. After suffering a data breach just before the Medibank incident, the carrier last year experienced a nationwide outage so severe that its own execs acquired SIM cards for rival networks to ensure they could stay in touch. ®