Armenian authorities have detained a Russian national named Aleksandr Ermakov at the request of U.S. law enforcement, sparking a complex situation that highlights issues of identity and international extradition. Since June 28, 2023, Ermakov has been held in a detention center in Yerevan, Armenia, following the U.S. extradition request linked to a notorious ransomware operation known as REvil.
The circumstances surrounding Ermakov’s arrest are troubling. His wife, Maria Yurova, recounted a startling sequence of events at Zvartnots Airport in Yerevan. As he was preparing to depart, border officers intercepted him, brandishing a phone displaying a photo from his VKontakte social media account. This abrupt action led him to a side room, where he was detained based on the U.S. request. His legal representatives assert that this is a case of mistaken identity, emphasizing that the U.S. authorities have targeted the wrong individual.
The U.S. is seeking Aleksandr Gennadievich Ermakov, who has been sanctioned by Australia, the United States, and the United Kingdom for his alleged involvement in a significant cybercrime: stealing approximately 9.7 million records from Medibank Private, one of Australia’s largest health insurers, and subsequently leaking some of this data on the dark web. Reporting from various sources, including the Russian news outlet TASS, indicates that this specific Ermakov is currently serving a two-year sentence in Russia, which legally prohibits him from leaving the country.
In contrast, the man detained in Armenia, as his legal team clarifies, is Aleksandr Yuryevich Ermakov, a former lawyer from Omsk who has no command of English. His background is vastly different, and according to his lawyers, the discrepancies between the two individuals’ identities have led to this wrongful detention. Aleksandr Yuryevich is believed to have been a legal professional specializing in prison law, and he has no ties to the criminal activities attributed to his namesake.
The U.S. Department of Justice has accused Gennadievich Ermakov of participating in Sodinokibi/REvil attacks from approximately April 2019 until July 2021. His alleged crimes encompass over a thousand victims, including private enterprises as well as government institutions, schools, and hospitals—some even located in the Northern District of Texas. The accusations are based on evidence gathered by U.S. law enforcement, which can be found in a charging document that media outlets like RIA Novosti have referenced.
Furthermore, while a federal warrant for Gennadievich Ermakov emerged from a Texas court shortly before the arrest—dated June 26—these legal troubles did not seem to be based on direct evidence against Yuryevich. Notably, the hack against Medibank occurred in October 2022, well after Gennadievich’s alleged time frame for criminal activities had concluded, adding layers of complexity to the ongoing legal battle.
The debate surrounding the proper identification of the accused has gained attention, especially considering the distinct Russian practice of using patronymics in passports. This aspect serves as a unique identifier among individuals with similar names. According to reports, the Australian government has listed Gennadievich Ermakov with a precise date of birth, which contrasts sharply with the details of his counterpart, thereby complicating the extradition case.
Dylan Rajavi, a lawyer representing the detained individual, has voiced concerns regarding possible clerical errors in the extradition paperwork. He speculated that since the U.S. documents may have presented only a first name and surname, an automated system could have mistakenly matched Yuryevich with the charged individual. He criticized the lack of concrete identification methods—such as fingerprints or full passport information—that are standard in such cases.
Despite the mounting evidence of wrongful arrest, Armenian authorities have yet to issue an official statement, and the U.S. has not announced any formal charges. As the legal proceedings unfold, the man remains detained under a 30-day Interpol order while Moscow has requested consular access.
The intricacies of this situation are further compounded by the complicated backgrounds of the individuals involved. The Australian Federal Police, alongside its intelligence directorate, reportedly spent eighteen months on an investigation labeled Operation Aquila, prior to publicly identifying Gennadievich Ermakov as a suspect in the Medibank hack. Other sources indicate that he may have engaged in criminal activities well beyond the scope of this specific incident.
As the Armenian courts deliberate on the extradition request, family members are awaiting news with trepidation. The ongoing situation has ramifications not only for the individuals involved but also for international relations and the frameworks surrounding cybercrime and extradition worldwide. The case of Aleksandr Ermakov exemplifies the complications that can arise in the interplay of law enforcement, identification, and the growing impact of ransomware on global security and consumer trust.

