January 26, 2024

US and UK join Australia to sanction Russian cyber-hacker Alexander Ermakov

On January 23, 2023, the US and UK joined Australia to sanction Alexander Ermakov, a Russian national and cybercriminal who played a pivotal role in the 2022 ransomware attack against Australian healthcare insurer Medibank Private Limited.  Ermakov allegedly stole personally identifiable information (“PII”) and sensitive health information of approximately 9.7 million current and former Medibank customers and authorized representatives.  According to OFAC, some of the PII was leaked on the dark net.  OFAC reported that Ermakov and others involved in the Medibank hack are believed to be associated with Russian cyber-gang REvil, which was one of the most notorious cyber-gangs in the world until the group’s disappearance in July 2021.

OFAC designated Ermakov under Executive Order 13694, as amended by EO 13757, for being responsible for or complicit in a cyber-enabled activity identified pursuant to EO 13694.  As a result of this designation, all property and interests in property of the designated individual within the United States or within the possession or control of a US person are blocked, and US persons are generally prohibited from engaging in transactions with them.  Entities owned 50 percent or more by one or more blocked persons are also blocked.

The UK Foreign, Commonwealth & Development Office also announced that it designated Ermakov as part of a coordinated action aimed at combating malicious international cybercrime and promoting international security and stability in cyberspace.  The UK designation was imposed pursuant to the Cyber (Sanctions) (EU Exit) Regulation 2020 (SI 2020/597), which subjects Ermakov to asset freezes and travel bans in the United Kingdom.

On January 23, 2024, Australian authorities announced that the targeted financial sanction on Ermakov was the first time that Australia had used its autonomous cyber sanction framework.  The Australian government reported that the sanction was imposed at the conclusion of an 18-month investigation conducted by several Commonwealth agencies, including the Australian Signals Directorate and the Australian Federal Police, and international partners.  As a result of the designation, Ermakov is subject to a travel ban in Australia.  It is also a criminal offense for persons in Australia to use or deal with Ermakov’s assets or provide assets to him.

US Department of Treasury Press Release | UK Government News Story | OFSI Financial Sanctions Notice – Cyber | Australia Ministry of Foreign Affairs Media Release