The Australian, British and US governments have imposed financial sanctions on a Russian citizen for his alleged involvement in a 2022 ransomware attack on health insurance company Medibank.
Alexander Ermakov (also known as Blade_runner, GistaveDore, GustaveDore or JimJones), 33, has been linked to the breach of Medibank’s network and the theft and disclosure of personally identifiable information (PII) belonging to the Australian company.
This ransomware attack occurred in late October 2022 and was launched by the now-defunct REvil ransomware team, resulting in unauthorized access to approximately 9.7 million current and former customers.
The stolen information included names, dates of birth, health insurance numbers and sensitive medical information, including mental health, sexual health and medication records. Some of these records were leaked on the dark web.
As part of the trilateral action, the sanctions criminalize the provision of assets to Ermakov or the use or processing of his assets, including payments via cryptocurrency wallets or ransomware.
The offense is punishable by up to 10 years in prison. In addition, the Australian government also imposed a travel ban on Ermakov.
The UK government said the penalties were the latest step in its “fight against malicious cybercriminal activity from Russia aimed at undermining the integrity and prosperity of the UK and its allies”.
In addition to criticizing Russia for providing a safe haven for malicious cyber actors, the U.S. Treasury Department also accused the Eastern European country of cultivating and co-opting criminal groups to launch ransomware attacks.
It also called on Russia to take specific measures to prevent cybercriminals from operating freely within its jurisdiction.
“Russian cyber actors continue to launch devastating ransomware attacks against the United States and its allies, targeting our businesses, including critical infrastructure, and stealing Sensitive data.”
“This action demonstrates that the United States stands with our partners in combating ransomware actors who harm the backbone of our economy and critical infrastructure,” the Treasury Department said.
