Australia has used its new cyber enforcement powers against a Russian national for the first time in connection with the Medibank Private data breach.
Magnitsky-style sanctions laws, introduced in Australia in late 2021, include a world-leading measure that allows travel bans to Australia and asset freezes for individuals allegedly involved in “significant” cyber attacks.
Like many countries, Australia has adopted sanctions laws named after corruption whistleblower Sergei Magnitsky. These measures often target individuals allegedly linked to serious corruption or human rights violations. However, Australian law also allows sanctions to punish allegedly malicious cyber activity.
The Australian government announced on Tuesday that it would impose sanctions on 33-year-old Russian citizen Aleksandr Gennadievich Ermakov under the new law.
Relating to: Russian Medibank hackers could be first target of Australia’s sanctions on cyber attackers
In a statement, the government said police and intelligence agencies were working with international partners to connect Ermakov to the “compromise of the Medibank Private network” in 2022.
He said that this decision “makes providing assets to Aleksandr Ermakov or using or transacting with his assets, including cryptocurrency wallets or ransomware payments, a crime punishable by up to 10 years in prison and heavy fines.”
Approximately 9.7 million customer records, including dates of birth and Medicare numbers, were compromised in the Medibank Private data breach.
The records contained sensitive medical information, such as policyholders’ alleged procedures for pregnancy termination and miscarriages. Some recordings were published on the dark web.
Australian federal police commissioner Reece Kershaw previously said he had intelligence that hackers in Russia were responsible for the Medibank data breach.
The sanctions decision was signed by foreign minister Penny Wong on Monday. Ermakov, who was born in Russia on May 16, 1990, is also known as Alexander Ermakov, GustaveDore, aiiis_ermak, blade_runner or JimJones, the sanctions announcement said.
“This list demonstrates Australia’s ongoing commitment to deterring and robustly responding to malicious and significant cyber incidents,” he said in an explanatory statement appended to the sanctions notice.
“Listing serves our national interest to cost, impact and deter those responsible for malicious cyber activity.”
At a media conference in Canberra on Tuesday, officials answered questions about what practical impact cyber sanctions would have on the alleged hacker.
Abigail Bradshaw, head of the Australian Signals Directorate’s Australian Cyber Security Centre, said: “We know a lot about Mr Ermakov through our analysis… [Anonymity] is a selling quality and hence the naming [him] and identification [him] “With confidence from our technical analysis, we believe that Mr. Ermakov will definitely harm his cyber business.”
Deputy Prime Minister Richard Marles said Australia was the first country in the world to name Ermakov and that it would have a “very significant impact” on him.
“The Australian Signals Directorate and the Australian federal police have worked tirelessly over the last 18 months to unmask these incidents. [allegedly] “We are responsible for the cyber attack on Medibank Private and protecting Australians from malicious cyber activity,” Marles said.
Wong said the government expects the sanctions measure to have “financial consequences” for Ermakov.
Home Affairs minister Clare O’Neil also gave “strong advice” to businesses against paying ransoms to alleged cybercriminals, saying it did not guarantee sensitive data would be recovered but “made Australia a more attractive target for criminal groups”. .
Coalition home affairs spokesman James Paterson, who has called for cyber sanctions to be imposed against the Medibank hackers in late 2022, welcomed the move but said it was “not clear why it’s taking so long”.
“This is a challenging issue. “We can’t just snap our fingers and make this go away,” Paterson told Sky News on Tuesday.
“If like-minded countries around the world help shape these norms by imposing a cost on this behavior, that doesn’t guarantee it will be stopped, but it does make it less likely than if we do nothing.”
Monash University cybersecurity expert Prof Nigel Phair said it was difficult to attribute cybercriminals.
“While it likely won’t result in this person’s (or possibly anyone else’s) arrest, it does set the wheels in motion [alleged] “We think this could lead to cybercriminals negatively impacting their efforts to work with others in their future criminal pursuits,” Phair said.