Gov enacts cyber sanctions on Russian citizen over Medibank breach

The federal government has enacted cyber sanctions for the first time on a Russian individual for his role in the mass Medibank network breach. 

On Tuesday, the government said it imposed a financial sanction and a travel ban on Aleksandr Ermakov for the 2022 security attack.  

The mass leak saw the health insurer lose 9.7 million records which carried names, dates of birth, Medicare numbers and sensitive medical information. Some customer details were revealed on the dark web.

Under the sanction it is a criminal offence, punishable by up to 10 years imprisonment and heavy fines, to offer assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.  

Imposing the sanction against Ermakov marks the first use of the autonomous cyber sanctions framework, first established in 2021.  

Work from the Australian Signals Directorate and the Australian Federal Police, under Operation Aquila, alongside other agencies and international partners, resulted in linking Ermakov to the Medibank compromise. 

Penny Wong, the minister for foreign affairs said, “The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians.”

“This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe,” Wong said. 

Clare O’Neil, minister for home affairs and cyber security said, “Through the 2023-2030 Australian Cyber Security Strategy, we are hardening our defences and putting layers of protection around Australians and Australian businesses. This includes working with industry to break the ransomware business model.

“Our strong advice to businesses is never pay the ransom. Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks. It also makes Australia a more attractive target for criminal groups,” O’Neil said. 

Medibank responds  

Medibank said in a statement provided to Digital Nation, “Cybercrime is a deliberate and malicious act and every effort should be made to deter criminals for undertaking these crimes.”

The organisation thanked the government for its work in identifying and pursuing the criminal responsible for the theft of Medibank and ahm customer data in 2022. 

Medibank said it appreciates the efforts of all involved in implementing sanctions against Ermakov.  

“Since the cybercrime event, we have supported our customers through our cyber response support program, which includes mental health and wellbeing support, identity protection and financial hardship measures," the statement said. 

The statement also noted Medibank has “also worked hard to re-establish the trust of our customers and other stakeholders.”

“We know we can still do more as we continue to apply the lessons we have learnt. Work continues on uplifting and embedding the technology, processes and security culture within Medibank,” the statement concluded.