U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

January 24, 2024 at 04:24AM

Australia, the U.K., and the U.S. have imposed financial sanctions on Russian national Alexander Ermakov for his alleged involvement in the 2022 ransomware attack on Medibank. The attack resulted in unauthorized access to 9.7 million customer records, leading the governments to criminalize dealing with his assets and call for Russia to prevent cybercriminal activity.

Key takeaways on the 2022 ransomware attack against health insurance provider Medibank and the subsequent sanctions imposed by Australia, the U.K., and the U.S. on Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones):

1. Alexander Ermakov, 33, has been implicated in the breach of the Medibank network and the theft of Personally Identifiable Information (PII) belonging to the Australian company, which was then released on the dark web.

2. The unauthorized access during the ransomware attack affected approximately 9.7 million current and former customers, exposing sensitive information such as names, dates of birth, Medicare numbers, and records on mental health, sexual health, and drug use.

3. The trilateral sanctions make it a criminal offense to provide assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments, punishable by up to 10 years’ imprisonment. The Australian government has also imposed a travel ban on Ermakov.

4. The U.K. government’s penalty is part of its efforts to counter malicious cybercriminal activity emanating from Russia.

5. The U.S. Department of the Treasury has criticized Russia for providing a safe haven for cyber actors and called on Russia to take concrete steps to prevent cyber criminals from freely operating within its jurisdiction.

6. The Treasury Department’s action against Ermakov demonstrates the commitment of the United States to disrupt ransomware actors who target critical infrastructure and the backbone of economies.

These takeaways emphasize the continuing efforts of global governments to address and counter cybercriminal activities, particularly in relation to ransomware attacks and the protection of sensitive data.
