{
	"id": "e0e6affd-4d6a-4d03-98b5-585f7c5d1723",
	"created_at": "2026-04-06T00:06:25.969863Z",
	"updated_at": "2026-04-10T03:21:47.2688Z",
	"deleted_at": null,
	"sha1_hash": "dbca8969c8c169e6db606fcf87bf6294ca6d0619",
	"title": "Australia, US, UK Sanction Russian Over 2022 Medibank Breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 116116,
	"plain_text": "Australia, US, UK Sanction Russian Over 2022 Medibank Breach\r\nBy Mihir Bagwe\r\nArchived: 2026-04-05 14:05:56 UTC\r\nFraud Management \u0026 Cybercrime , Geo-Specific , Ransomware\r\nGovernments Accuse Aleksandr Ermakov and REvil of Being Medibank Hackers (MihirBagwe) • January 23,\r\n2024    \r\nThe United States, the United Kingdom and Australia accused Aleksandr Ermakov, pictured, of\r\nhacking Medibank in 2022. (Image: Australian Department of Foreign Affairs and Trade)\r\nThe United States, Australia and the United Kingdom sanctioned a Russian man the governments say was behind\r\nthe October 2022 hacking of Medibank, Australia's largest private health insurer.\r\nSee Also: Demostración Del Producto: Backup Y Recuperación De VM\r\nAustralia on Monday sanctioned 33-year-old Aleksandr Gennadievich Ermakov, linking him to the Medibank data\r\nbreach - an incident that resulted in hackers dumping online information taken from 9.7 million current and\r\nformer Medibank customers (see: Medibank Hackers Dump Stolen Data on the Dark Web).\r\nThe United States and the United Kingdom followed suit Tuesday. The coordinated trilateral action, a first for the\r\ncountries, \"underscores our collective resolve to hold these criminals to account,\" said U.S. Under Secretary of the\r\nTreasury Brian Nelson.\r\nhttps://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163\r\nPage 1 of 2\n\nAustralian authorities announced in November 2022 that they had identified the Medibank hackers, citing \"a\r\ngroup of loosely affiliated cybercriminals\" based in Russia. The hackers may be a relaunch of the REvil extortion\r\ngang known as BlogXX (see: Who Is Extorting Australian Health Insurer Medibank?). The U.S. Treasury\r\nannouncement says that Ermakov and the other actors behind the Medibank hack \"are believed to be linked to the\r\nRussia-backed cybercrime gang REvil.\"\r\nAustralian Foreign Affairs Minister Penny Wong signed the sanctions decision against Ermakov on Monday. His\r\nvarious aliases include AlexanderErmakov, GustaveDore, aiiis_ermak, blade_runner and JimJones.\r\nThe attack was a high point in a wave of ransomware attacks and data breaches buffeting the country that year. It\r\nended with the government vowing to wake \"from a cyber slumber\" and become \" \"the world's most cyber-secure\r\ncountry\" over the next seven years (see: Australia Aims to Be World's 'Most Cyber-Secure' Country).\r\nMedibank refused to pay hackers' extortion demand, stating at the time that it believed the chances of limiting the\r\nbreach fallout were \"limited\" and that \"there is a strong chance that paying puts more people in harm's way by\r\nmaking Australia a bigger target.\"\r\n\"Today is a warning to cybercriminals,\" said Australian Minister for Cyber Security Clare O'Neil while\r\nannouncing the sanctions. \"We will never stop looking for you. We will unveil who you are, and we will make\r\nsure you are held accountable.\"\r\nThe Australian sanctions ban Ermakov from entering the country and make having financial dealings with him\r\npunishable by up to a decade in prison. The U.S. and U.K. sanctions ensure Ermakov's banishment from vast\r\nsegments of the international financial system.\r\nSource: https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163\r\nhttps://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163"
	],
	"report_names": [
		"australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163"
	],
	"threat_actors": [],
	"ts_created_at": 1775433985,
	"ts_updated_at": 1775791307,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dbca8969c8c169e6db606fcf87bf6294ca6d0619.pdf",
		"text": "https://archive.orkl.eu/dbca8969c8c169e6db606fcf87bf6294ca6d0619.txt",
		"img": "https://archive.orkl.eu/dbca8969c8c169e6db606fcf87bf6294ca6d0619.jpg"
	}
}