A Russian national has been identified and sanctioned by Australia, the United Kingdom, and the United States for his role in the data breach of an Australian health insurance giant.
Aleksandr Gennadievich Ermakov, born May 16, 1990, is a former member of the bygone REvil ransomware gang.
Online, he goes by various monikers: GustaveDore, aiiis ermak, blade runner, and JimJones.
According to authorities, he is responsible for quarterbacking an October 2022 breach of Medibank, a $10 billion Melbourne-based insurer with nearly 4 million existing customers.
In that incident, Ermakov and his colleagues managed to access varied data belonging to 9.7 million current and former Medibank customers.
It included personally identifiable information - names, dates of birth, addresses, and more - for customers and healthcare providers, as well as health records pertaining to mental and sexual health, drug usage, and more.
The hackers leaked all of these records onto the Dark Web.
On Jan. 22, authorities did the best they could by way of retribution.
As part of its prolonged war with cybercrime syndicates, the Australian Ministry of Defence outed Ermakov and imposed a travel ban and financial sanctions.
As the ministry explained in a press release, the financial sanction makes stewarding or providing him with assets, including cryptocurrency wallets and ransomware payments, a criminal offense punishable by up to 10 years in prison plus significant fines.
Piling on, the UK Foreign, Commonwealth & Development Office and US Department of the Treasury's Office of Foreign Assets Control dittoed Australia's bans, freezing any assets he has in either country and adding his name to the Treasury's Specially Designated Nationals and Blocked Persons List.
Especially where finances are concerned.
US officials can't arrest a Russian in Russia, but they can influence the flow of international financial transactions.
Naming an entity to the SDN has a material impact on cybercriminal outfits, most notably ransomware operations, as it covers not only affiliates of these groups, but also any victims who'd otherwise be inclined to pay for the safe return of their data.
Major threat actors have seen serious repercussions as a result of such sanctioning.
Even a travel ban is more than just a bummer for a hacker's future vacations.
Russian Cybercriminals' Worst Fear An even more powerful alternative to Western law enforcement is the occasional Russian crackdown on its own domestic cybercrime.
One would do well to remember that, for all of the bad guys it shields, it was Russia's own police who administered the coup de grace against Ermakov's parent organization, ReVIL, back in 2022.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 23 Jan 2024 21:55:15 +0000