Australia imposes sanctions on Russian hacker for Medibank ransomware hack

 

Australia has imposed sanctions on a Russian hacker for his alleged involvement in a high-profile ransomware attack on the country's largest private health insurer, Medibank, that occurred in November 2022. This marks the first time Australia has utilized its Magnitsky-style laws, introduced in late 2021, which target not only human rights abuses and serious corruption but also “egregious acts of international concern,” including cyber-attacks.

The targeted attack, described as the country's most significant data breach, resulted in the theft of sensitive medical records belonging to approximately 10 million individuals. The records included names, dates of birth, Medicare numbers and sensitive medical information. Some of the stolen data had been released on the dark web, including data on drug abuse, sexually transmitted infections, and pregnancy terminations.

The hacker, identified as 33-year-old Russian national Aleksandr Ermakov, is believed to be a member of the notorious Russian ransomware gang REvil.

The Australian government revealed that Ermakov had been under investigation for 18 months. Authorities worked in collaboration with international partners, including the US Federal Bureau of Investigation, the US National Security Agency and the UK’s Government Communications Headquarters, to establish a direct link between the Russian hacker and the compromise of the Medibank Private network.

The sanctions include strict travel bans and financial measures. These sanctions empower the Australian government to freeze the assets of the accused, extending to cryptocurrency wallets and ransomware payments. Any provision of assets to the hacker may result in severe penalties, including up to 10 years of imprisonment.
