SYDNEY (AP) — A Russian national has been sanctioned by the U.S., U.K. and Australian governments for his role in a cyber attack that compromised the personal information of more than 10 million Australians.
In October 2022, client data from Medibank, Australia’s largest health insurer, was released by an extortionist, including details of HIV diagnoses and drug abuse treatments, after the company refused to pay a ransom for the personal records of current and former customers.
On Tuesday, the U.S. and the U.K. imposed sanctions and the Australian government imposed its cyber sanction powers for the first time against Aleksandr Ermakov after Australian Federal Police and intelligence agencies, with support from undisclosed global partners, made the link between the Russian citizen and the cyber attack. Ermakov did not immediately respond to an online request from The Associated Press seeking comment.
Australian Deputy Prime Minister Richard Marles said the sanctions imposed are part of Australia’s efforts to expose cyber criminals and debilitate groups engaging in cyber attacks.
“In our current strategic circumstances we continue to see governments, critical infrastructure, businesses and households in Australia targeted by malicious cyber actors,” Marles said in a statement on Tuesday.
“We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions and we will relentlessly pursue activities which disrupt their capability to target Australians in the cyber space.”
The sanctions make it a criminal offense, punishable by up to 10 years’ imprisonment, to provide assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.
Australian Foreign Affairs Minister Penny Wong said the sanctions send a clear message to cyber criminals. “There are costs and consequences for targeting Australia and targeting Australians,” she said in a statement.
U.S. Treasury Undersecretary Brian Nelson said in a statement that “Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data.”
He said Tuesday’s action “underscores our collective resolve to hold these criminals to account.”
U.S. Treasury Department reporter Fatima Hussein contributed to this report from Washington, D.C.