Australia has identified the Russian mastermind behind a crippling cyber attack, revealing the 33-year-old hacker for the first time on Tuesday and linking him to an international crime syndicate.
Hackers infiltrated Australian private health insurer Medibank in November 2022, stealing sensitive medical records and leaking them to the dark web.
Among the 9.7 million customers affected by the high-profile cyberattack — one of the country’s worst data breaches — was Australian Prime Minister Anthony Albanese.
Australian intelligence agencies have long suspected Russian hackers were behind the breach, which was previously tentatively linked to the REvil ransomware collective.
After an 18-month investigation, Australia has now taken the rare step of naming the person believed to be responsible: Russian national Aleksandr Gennadievich Ermakov, who was also hit with the first cyber sanctions.
“This is the first time an Australian government has identified a cybercriminal and imposed cyber sanctions of this nature, and it won’t be the last,” Home Affairs Minister Clare O’Neil told reporters.
“These people are cowards and trash,” she added.
“They’re hiding behind technology and today the Australian government is saying when we put our minds to it, we’ll reveal who you are and make sure you’re held accountable.”
Medibank hackers began leaking private health records on the dark web after the company, one of Australia’s largest private health insurers, refused to pay a multi-million dollar ransom.
The leaks were chosen to cause maximum damage, targeting records related to drug abuse, sexually transmitted infections and pregnancy terminations.
“Medibank in my view was the single most devastating cyber attack we have experienced as a nation,” O’Neil said on Tuesday.
“We’ve all been through it, literally millions of people have had personal data about themselves, their family members, taken from them and put hard online for others to see.”
“Hack the hackers”
Australia has strengthened its cyber security laws in the wake of the Medibank attack, pledging that the country’s intelligence agencies will “hack the hackers” proactively.
In a mocking and cryptic response posted on the dark web, the hackers replied: “We always keep our word.”
Ermakov, who used the online aliases blade_runner and JimJones, will now be the target of a travel ban and severe economic sanctions, Foreign Minister Penny Wong said.
“That will mean it is a criminal offence, punishable by up to 10 years in prison, to give him assets — or use or deal with his assets,” she told reporters.
Photos released by the Australian government showed Ermakov as a fresh-faced young man with short dark hair and a wry smile.
REvil — a hybrid of ransomware and evil — was reportedly busted by Russian authorities in 2022 after extracting an $11 million ransom from JBS Foods, a major food conglomerate.
The Australian government confirmed that Ermakov was a member of the REvil syndicate.
Monash University cybercrime expert Nigel Phair said proving who was behind an attack was “one of the most difficult things” in cyber security.
“This is unlikely to deter other internationally based cyber criminals from targeting Australian organizations or individuals, but it is a step in the right direction,” he said.
Defense Minister Richard Marles said Australian intelligence had tracked down Ermakov with help from the National Security Agency in the United States and GCHQ in the United Kingdom.
“Ermakov has no anonymity,” he said.
“We named him globally for the first time. And his identity now appears in every agency around the world.”
Source: AFP