The Australian Government has announced sanctions on a Russian cybercriminal linked to the Medibank Private data hack.
Subscribe now for unlimited access.
or signup to continue reading
Russian citizen Aleksandr Ermakov has been named in connection to the 2022 cyberattack that had 9.7 million records stolen including personal details, Medicare numbers and sensitive medical information.
Many of the stolen records were later published on the dark web.
After a "tireless" 18-month investigation the government has imposed a targeted financial sanction and travel ban on Mr Ermakov for his role in the data breach, Minister for Foreign Affairs Senator Penny Wong has announced.
"It was an egregious violation and impacted some of the most vulnerable members of the Australian community," Senator Wong said at a press conference on January 23.
The sanction makes it a criminal offence to provide assets to Mr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.
"This is the first time Australia's autonomous cyber sanctions have been used," Senator Wong said.
"It sends a clear message that there are costs and consequences for targeting Australia and for targeting Australians."
Federal cyber security and home affairs minister Clare O'Neil said the advice to businesses was to never pay ransom.
"Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks," she said.
"It also makes Australia a more attractive target for criminal groups."
Following the October 2022 hack Medibank shareholders and customers launched class actions against the private health insurer.
The breach came a month after the Optus data hack which affected millions of current and former customers of the telco.