US, UK, Australia Sanction Russian REvil Hacker Behind Medibank Breach


The governments of Australia, Britain and the US have imposed financial sanctions on a Russian national over his alleged role in the 2022 ransomware attack on health insurer Medibank.

Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore or JimJones), 33, has been linked to the Medibank network breach and the theft and release of the Australian company’s personally identifiable information (PII).

The ransomware attack, which occurred in late October 2022 and was attributed to the now-defunct REvil ransomware crew, led to unauthorized access to the data of approximately 9.7 million of Medibank's current and former customers.

The stolen information included names, dates of birth, Medicare numbers and sensitive medical information, including mental health, sexual health and drug use data. Some of this data has been leaked on the dark web.

As part of the trilateral action, the sanctions make it a criminal offense to provide assets to Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

The offense carries a prison sentence of up to 10 years. The Australian government has also imposed a travel ban on Ermakov.

The British government said the sanctions are its latest effort “to counter malicious cybercriminal activities emanating from Russia that seek to undermine the integrity and prosperity of the country and its allies.”

In addition to criticizing Russia for providing a safe haven to malicious cyber actors, the US Treasury Department called out the Eastern European country for enabling ransomware attacks by cultivating and co-opting criminal groups.

It further called on Russia to take concrete steps to prevent cybercriminals from operating freely in its jurisdiction.

“Russian cyber actors continue to conduct disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data,” said Assistant Secretary of the Treasury Brian E. Nelson.

“This action demonstrates that the United States stands with our partners to disrupt ransomware actors that are victimizing the backbone of our economies and critical infrastructure,” the Treasury Department said.
