The United States, the United Kingdom, and Australia have imposed sanctions on Alexander Ermakov due to his involvement in a ransomware attack against Australian healthcare insurer Medibank in 2022. This cyberattack resulted in the exposure of sensitive data belonging to approximately 9.7 million Medibank users.
In a press release by the U.S. Department of the Treasury, it was stated that these sanctions were pursued by the United States to illustrate their solidarity with partners Australia and the United Kingdom. The measure also signifies an acknowledgment of the risk that similar attacks could occur within any of these three countries. The Treasury is committed to safeguarding infrastructure by imposing penalties for ransomware attacks. It has been noted that Russia has facilitated such attacks on other nations by providing a safe haven for criminals, thereby helping them evade further penalties. As per the press release, this sanction necessitates that all property and interests of the individual in question within the US be blocked and reported to the Office of Foreign Assets Control (OFAC). OFAC regulations prohibit all dealings involving property or interests of a blocked or designated person, including those owned by 50% or more by them. Transactions involving blocked persons are forbidden unless authorized by a license or exempted. This includes making or providing contributions or services to blocked persons.
The ransomware attack took place in October 2022, during which Ermakov stole Personally Identifiable Information (PII) along with sensitive health information. REvil, a Russian-backed cybercrime group, is suspected to be associated with this attack. The group's ransomware has been deployed on over 175,000 computers worldwide, leading them to receive over $200 million in ransom payments.
Under Secretary of the Treasury Brian E. Nelson said: "Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data." He added, "Today’s trilateral action with Australia and the United Kingdom, the first such coordinated action, underscores our collective resolve to hold these criminals to account."
