Russia detains hacker behind Australia’s Medibank attack


Aleksandr Ermakov was detained over his involvement in SugarLocker ransomware, which, among others, also targeted organizations within Russia and the Moscow-led Commonwealth of Independent States (CIS).

Russian authorities, together with Group-IB’s spinoff company F.A.C.C.T., have identified and detained members of the SugarLocker ransomware gang.

Researchers discovered that some of the gang's infrastructure was located on Russian hosting sites, where an error in a web server configuration allowed them to access SugarLocker’s ransomware control panel. The identities of ransomware operators were found there.


According to F.A.C.C.T., one of the detained hackers operated under the nicknames blade_runner, GistaveDore, GustaveDore, and JimJones. The same monikers were used by 34-year-old Aleksandr Ermakov.

Earlier this year, an investigation by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP) revealed that Ermakov orchestrated the Medibank attacks, which exposed the personal data of nearly 10 million Australians.

At the time, the Australian government announced that its cyber-sanction laws had been applied for the first time in response to this type of offence. Neither the Russian authorities nor the F.A.C.C.T. statement mentions Ermakov’s surname or his involvement in the Medibank cybercrimes.

While Russia employs lenient policies towards ransomware operators, SugarLocker made the cardinal mistake of any Russian hacker – the gang targeted businesses and organizations within Russia and the CIS.

According to the researchers, the attackers operated under the guise of a legitimate IT firm that supposedly provided web development services for online businesses.

In early January, Kazakh authorities handed over Nikita Kislitsin, the former head of security of F.A.C.C.T., to Moscow. Kislitsin, who is also wanted by the US, was a prominent figure in Russia’s hacking community.

In 2013, Kislitsin joined Group-IB, a cybersecurity company founded by Ilya Sachkov, who has been sentenced to 14 years in prison by a Moscow court on treason charges.
