Australia has today used cyber sanctions powers on a Russian individual for his role in the breach of the Medibank Private network.
This is the first use of Australia's autonomous cyber sanctions framework and is a result of Australian Government efforts over the past 18 months to investigate and respond to this cyber incident.
In the attack, 9.7 million records were stolen. These records included names, dates of birth, Medicare numbers, and sensitive medical information. Some records were published on the dark web.
The Australian Signals Directorate and the Australian Federal Police, under Operation Aquila, together with other Commonwealth agencies and international partners, have worked tirelessly to link Russian citizen and cybercriminal Aleksandr Ermakov to the compromise of the Medibank Private network and continue to pursue other leads.
The Australian Government has imposed a targeted financial sanction and a travel ban on Aleksandr Ermakov. This sanction makes it a criminal offence, punishable by up to 10 years' imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.
This announcement highlights the Albanese Government's commitment in the 2023‑2030 Australian Cyber Security Strategy to deter and respond to malicious cyber activity, including through the use of sanctions.
We encourage all Australians - including businesses - to be vigilant about their cyber security arrangements to help make Australia a harder target against increasing malicious cyber activity.
The Australian Government discourages businesses and individuals from paying ransoms or extortion claims to cyber criminals. If you are asked to pay a ransom you should:
- Call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) for cyber security assistance; and
- Report the cybercrime, incident or vulnerability to the Australian Signals Directorate at https://www.cyber.gov.au/report
Quotes attributable to the Deputy Prime Minister, the Hon Richard Marles MP:
"In our current strategic circumstances we continue to see governments, critical infrastructure, businesses and households in Australia targeted by malicious cyber actors.
"The Australian Signals Directorate and the Australian Federal Police have worked tirelessly over the past 18 months to unmask those responsible for the cyberattack on Medibank Private and to ensure Australians are protected from malicious cyber activity.
"We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions and we will relentlessly pursue activities which disrupt their capability to target Australians in the cyber space."
Quotes attributable to the Minister for Foreign Affairs, the Hon Penny Wong:
"The use of these powers sends a clear message - there are costs and consequences for targeting Australia and Australians.
"The Albanese Government will continue to hold cybercriminals to account.
"This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe."
Quotes attributable to the Minister for Home Affairs and Minister for Cyber Security, the Hon Clare O'Neil MP:
"The Australian Government condemns malicious cyber activity, and we will work with our partners and do everything in our power to punish individuals who attempt to perpetrate cyber crime in this country.
"Through the 2023-2030 Australian Cyber Security Strategy, we are hardening our defences and putting layers of protection around Australians and Australian businesses. This includes working with industry to break the ransomware business model.
"Our strong advice to businesses is never pay the ransom. Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks. It also makes Australia a more attractive target for criminal groups."