U.S., Australia, Britain sanction Russian cybercriminal behind Medibank attack

Alexander Ermakov, 33, was sanctioned Tuesday by the United States, Australia and Britain for being involved in the 2022 ransomware attack of Australian healthcare insurer Medibank Private. Photo courtesy of Australia's Department of Foreign Affairs and Trade/Release

Jan. 23 (UPI) -- The United States, Australia and Britain on Tuesday sanctioned a Russian national they accuse of being involved in the 2022 ransomware attack that stole sensitive information from millions of users of Australian healthcare insurer Medibank Private.

The breach of Medibank's cloud-based data network was detected in October of 2022. The company said hackers stole the information of 9.7 million users, some of which was released on the dark web in November of that same year after Medibank refused to pay a ransom of $10 million.

In the first trilateral use of each country's cyber sanctions regimes, the ally nations on Tuesday blacklisted 33-year-old Alexander Ermakov, who the U.S. Treasury said played a "pivotal" role in the attack.

The U.S. federal agency said Ermakov infiltrated the Medibank network and stole the Personally Identifiable Information and sensitive health information linked to nearly 10 million current and former customers.

He is also believed to be tied to the Russia-backed REvil cybercriminal gang, also known as Sodinokibi, which is believed to have been behind a number of high-profile cyberattacks, including the infiltration of major meat producer JBS that shuttered plants in the United States and Australia in 2021, among others.

"Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data," Under Secretary of the Treasury Brian Nelson said Tuesday in a statement.

"Today's trilateral action with Australia and the United Kingdom, the first such coordinated action, underscores our collective resolve to hold these criminals to account."

Australia said Tuesday's action was its first use of its cyber sanctions framework and was the result of 18 months of investigations into the incident.

The sanctions generally bar all property in Ermakov's name and bar those from the United States, Australia and Britain from doing business with him. Canberra added that its sanctions make it a criminal offense punishable by up to 10 years' imprisonment to provide him with assets or deal with his assets.

"We are using all elements of our national power to make Australia more secure at home and to keep Australians safe," foreign affairs minister Penny Wong said in a statement.
