
Who is the alleged Medibank hacker Aleksandr Ermakov? – Krebs on Security


Authorities in Australia, the United Kingdom, and the United States have imposed financial sanctions on a Russian man accused of stealing data from almost 10 million customers of the Australian health insurance giant Medibank. The man in question, 33-year-old Aleksandr Ermakov, is believed to have taken part in the cybercriminal operation that resulted in the theft and subsequent leak of sensitive health records from Medibank in October 2022.

The sanctions against Ermakov mark the first time that Australia has taken such measures against a cybercriminal. The documents released by the Australian government included several photos of Ermakov, underscoring the personal nature of the sanctions and the intent to send a clear message that such criminal behavior will not go unpunished. The attack on Medibank resulted in the theft of 9.7 million records containing highly sensitive information on the company’s customers. The data was used as leverage in a ransom demand, and when the company refused to pay, the hackers leaked the confidential health records, exposing details of customers’ medical histories.

The U.S. government has stated that Ermakov and his associates are linked to the Russia-based cybercrime gang REvil, which was behind numerous financially motivated ransomware attacks. Ermakov operated under various aliases on Russian cybercrime forums and was involved in creating a ransomware affiliate program called Sugar. He was also affiliated with a Russian technology firm called Shtazi, which offered computer programming, web development, and reputation management services.

Ermakov’s connection to Mikhail Borisovich Shefel, known in the cybercriminal underworld as Rescator, has also come to light. Shefel was previously identified as the person behind the theft of tens of millions of payment cards from major retailers such as Target and Home Depot. Ermakov’s email address was linked to domains registered by Shefel, pointing to a close association between the two. This connection has drawn attention to Ermakov’s involvement in cryptocurrency activity and dubious financial dealings, making him a target for further scrutiny by law enforcement.

Research by Intel 471 connected Ermakov to REvil through the publication of the stolen Medibank data on a blog previously controlled by REvil affiliates. Ermakov’s group had itself been a REvil affiliate, which further suggests involvement with the gang and highlights the complex web of connections in which Ermakov is entangled.

Although Ermakov is beyond the reach of the countries sanctioning him, experts believe the financial measures are not the only consequence he is likely to face. Given his alleged role as a key figure in the REvil group, his substantial cryptocurrency holdings are likely to make him a target for other criminal elements within Russia. This will add pressure on Ermakov as he tries to stay clear of law enforcement and protect his assets from rivals.

In conclusion, the sanctions against Ermakov have not only placed financial constraints on him but have also brought his criminal activities into the open, making his situation increasingly precarious. The governments involved have taken significant steps to send a clear message that individuals engaged in such illicit activities will face repercussions regardless of where they are located. While Ermakov may be out of reach of law enforcement for now, the spotlight on his activities has made his future endeavors in the criminal underworld considerably more difficult.
