US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker

Aleksandr Ermakov, alongside other members of the REvil ransomware gang, is responsible for one of the biggest cyberattacks in Australia's history.

[Image: a Medibank sign. Source: Takatoshi Kurikawa via Alamy Stock Photo]

A Russian national has been identified and sanctioned by Australia, the United Kingdom, and the United States for his role in the data breach of an Australian health insurance giant.

Aleksandr Gennadievich Ermakov, born May 16, 1990, is a former member of the bygone REvil ransomware gang. Online, he goes by various monikers: GustaveDore, aiiis_ermak, blade_runner, and JimJones. According to authorities, he is responsible for quarterbacking an October 2022 breach of Medibank, a $10 billion Melbourne-based insurer with nearly 4 million existing customers.

In that incident, Ermakov and his colleagues managed to access a wide range of data belonging to 9.7 million current and former Medibank customers. It included personally identifiable information (PII) — names, dates of birth, addresses, and more — for customers and healthcare providers, as well as health records pertaining to mental and sexual health, drug usage, and more. The hackers leaked all of these records onto the Dark Web.

On Jan. 22, authorities did the best they could by way of retribution. As part of its prolonged war with cybercrime syndicates, the Australian Ministry of Defence outed Ermakov and imposed a travel ban and financial sanctions. As the ministry explained in a press release, the financial sanction makes stewarding or providing him with assets, including cryptocurrency wallets and ransomware payments, a criminal offense punishable by up to 10 years in prison plus significant fines.


Piling on, the UK Foreign, Commonwealth & Development Office (FCDO) and US Department of the Treasury's Office of Foreign Assets Control (OFAC) dittoed Australia's bans, freezing any assets he has in either country and adding his name to the Treasury's Specially Designated Nationals and Blocked Persons (SDN) List.

Do Sanctions Stop Russian Cybercriminals?

In recent years, the US and partner nations have increasingly used sanctions as a weapon against cybercriminal groups, and the individuals who comprise them. But do they actually have any effect in a country that shields and actively collaborates with its cybercriminals?

Evidence suggests so, especially where finances are concerned. US officials can't arrest a Russian in Russia, but they can influence the flow of international financial transactions. And naming an entity to the SDN has a material impact on cybercriminal outfits, most notably ransomware operations, as it covers not only affiliates of these groups, but also any victims who'd otherwise be inclined to pay for the safe return of their data. Major threat actors have seen serious repercussions as a result of such sanctioning.

Even a travel ban is more than just a bummer for a hacker's future vacations.

"This can act as a deterrent on recruiting of personnel by criminal organizations. However, such a deterrent doesn't often outweigh the benefit of immediate financial reward," says Jasson Casey, CEO of Beyond Identity.

The bottom line, he says, is that "this is a necessary and useful tool, but it's about longer term pressure, we shouldn't expect immediate results."

Russian Cybercriminals' Worst Fear

An even more powerful alternative to Western law enforcement is the occasional Russian crackdown on its own domestic cybercrime.

One would do well to remember that, for all of the bad guys it shields, it was Russia's own police who administered the coup de grace against Ermakov's parent organization, REvil, back in 2022.

"Russia acting against cybercriminals should be viewed through two lenses," Casey suggests. "First, what leverage does the action provide the nation in its ongoing dealings with adversarial nations? Second, how important is the criminal organization being acted against, or have they fallen out of favor or alignment with the local government?"

He adds, "Put in another way: this could also be about purging the unfaithful and sending a message. After all, in the end, it's not Australia or Uncle Sam that guys like Ermakov need to worry about most, it's staying in good graces with their own protectors."

About the Author(s)

Nate Nelson, Contributing Writer

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.
