US, UK, Australia Sanction Russian Hacker
The U.S., the U.K. and Australia on Jan. 23 sanctioned Russian national Aleksandr Ermakov, who played a “pivotal” role in a 2022 ransomware attack against an Australian healthcare insurance company. The Office of Foreign Assets Control said Ermakov is a “cybercriminal” who also poses a risk to U.S. healthcare firms.
OFAC said Ermakov used ransomware to attack Australia’s Medibank Private Limited, extracting sensitive data from more than 9.7 million users. The joint sanctions announcement shows the U.S. “stands with our partners to disrupt ransomware actors who victimize the backbone of our economies and critical infrastructure,” the agency said.
Australia’s designation of Ermakov is the “first use” of the country’s cyber sanctions regime framework, which the country announced in 2021. Violators of the Australian sanctions could face criminal penalties, including “heavy fines” and up to 10 years in prison, the country’s foreign affairs ministry said.
The designation was the second coordinated sanctions action by the three countries this week. The U.S., the U.K. and Australia on Jan. 22 designated people and companies tied to Hamas, including financiers of the terror group (see 2401220024).