Australia imposes 'cyber sanctions' on Russian individual for Medibank breach

In a historic move, the Australian Government has imposed targeted 'cyber sanctions' and a travel ban on Aleksandr Ermakov, a Russian individual linked to the Medibank Private network breach.

The sanctions, a first of their kind in Australia, render it a criminal offence to provide assets to Ermakov or deal with his assets, including cryptocurrency wallets or ransomware payments.

The penalties for violating these sanctions include up to 10 years of imprisonment and substantial fines.

In October 2022, the Medibank cyber attack resulted in the theft and potential exposure of personal and health data of 9.7 million customers, leading to significant financial impact and a refusal by Medibank to pay a ransom.

This is a very important day for cyber security in our country.

Today with @RichardMarlesMP and @SenatorWong, we announced that Australia has imposed cyber sanctions on a Russian individual for his role in the breach of the Medibank Private network. pic.twitter.com/aqu7KxIJnw

— Clare O'Neil MP (@ClareONeilMP) January 22, 2024

"Single most devastating cyber-attack"

Cyber Security Minister Claire O'Neil described the Medibank attack as "the single most devastating cyber-attack" the nation has witnessed, highlighting the theft and publication of millions of Australians' records on the dark web.

She praised the efforts of the Australian Government's cyber operatives, who, under Operation Aquila, collaborated with the Australian Signals Directorate (ASD) and the Australian Federal Police, along with other Commonwealth agencies and international partners. 

This move marks a significant step in Australia's fight against cybercrime, with O'Neil issuing a stern warning to cybercriminals: Australia will relentlessly pursue and hold accountable those who target its citizens.

Medibank hack

The Medibank hackers accessed personal information of approximately 9.7 million current and former customers, including Medibank, ahm and international customers.

The breach compromised names, addresses, birth dates, phone numbers, email addresses, Medicare numbers, passport numbers, visa details for international students and health claims data.

It had severe ramifications, with hackers threatening to release private medical information if a ransom was not paid.

Medibank refused to pay the ransom, based on advice from cybercrime experts, who believed paying could encourage further extortion and make Australia a more significant target.

The hackers published some of the stolen information on the dark web, impacting individuals with sensitive medical histories.

This breach cost the company an estimated $26 million in the aftermath, with a loss of 13,000 policyholders.

The Australian Federal Police attributed the attack to hackers in Russia, undertaking measures with international partners to bring the perpetrators to justice.