US, UK, Australia sanction Russian national after major Australian ransomware attack

The October 2022 attack targeted Australia's largest private health insurer, Medibank.
The US Treasury Department building is seen in Washington, DC, January 19, 2023. (Photo by SAUL LOEB/AFP via Getty Images)

The U.S., U.K. and Australian governments on Tuesday sanctioned a Russian man for his role in the October 2022 ransomware attack on Medibank, Australia’s largest private health insurance provider.

Alexander Ermakov, a Russian national, “played a pivotal” role in the attack, which compromised health insurance data for nearly 4 million Australians and included more than 9.7 million stolen records, according to the U.S. Treasury Department.

The move comes a day after the Australian government announced what the Sydney Morning Herald said was that country’s first use of cyber sanctions laws in this fashion. Australian authorities also said they are looking to arrest Ermakov and are investigating any of his known associates.

Ermakov is linked to the REvil ransomware operation, which, at one time, was “among the most notorious cybercrime gangs in the world,” having been deployed on approximately 175,000 computers worldwide and tied to at least $200 million paid in ransom, according to the U.S. Treasury statement.


In November 2021, the U.S. State Department announced a $10 million reward for any information leading to the identification or location of any key leaders involved with the REvil ransomware operations (also known as Sodinokibi). The reward also included a $5 million offer for information leading to the arrest and/or conviction in any country of anybody conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.

“Russia continues to provide a safe haven to ransomware actors and enable ransomware attacks by cultivating and co-opting criminal hackers who have launched disruptive ransomware attacks against U.S. and allied countries,” the State Department said in a statement Tuesday. “We will continue to stand with our partners to disrupt ransomware actors that threaten our economies and critical infrastructure.”

REvil/Sodinokibi ransomware was used as part of the July 2021 attack on Florida-based IT services vendor Kaseya, which ultimately affected as many as 1,500 downstream customers. The U.S. government in November 2021 charged two men for that attack, a Ukrainian and a Russian.

One of those men, Yaroslav Vasinskyi, was arrested in Poland and extradited to the U.S. in March 2022. His sentencing in the case was set for Jan. 18, 2024, but has been continued to March 1, 2024.

Latest Podcasts