Medibank hacker identified to be Russian national

Aleksandr Ermakov, a hacker from Russia, was the likely culprit behind the cyberattack on Australia’s largest health insurer, Medibank, the federal government believes.

An investigation by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP) revealed that 34-year-old Ermakov orchestrated the Medibank attacks, which exposed the personal data of nearly 10 million Australians.

Since Russia is highly unlikely to extradite Ermakov or any other criminal hacker, the Australian government announced that its cyber sanction laws had been applied for the first time in response to this type of violation, The Sydney Morning Herald reported.

Canberra officials believe that friendly nations will follow Australia’s lead in enacting sanctions on Ermakov, which include financial penalties and a travel ban. Individuals who assist the Russian national in any way could face up to ten years behind bars.

“This sanction makes it a criminal offense, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments,” Australia’s Department of Foreign Affairs and Trade said.

The 2022 Medibank attack forced the company to take some of its systems offline at the time. Attackers breached the company’s networks, stole data, and demanded a ransom payment. Reportedly, the attackers took the private details of 5.1 million Medibank customers, 2.8 million ahm health insurance (part of Medibank) customers, and 1.8 million international customers.

Medibank refused to pay the ransom, as cybercrime experts advise that there is only a “limited chance” that paying up will prevent cybercrooks from publishing the data online. In response, the attackers released some of the data on the dark web.

Attacks on Medibank and the country’s second-largest telecom provider, Optus, led to Australia establishing a joint standing operation against cybercriminal syndicates. The operation involves a hundred cybersecurity practitioners and experts tasked with disrupting ransomware cartels.