Russian Linked to REvil Faces Sanctions from Three Nations


The United States, Australia, and the United Kingdom have imposed sanctions on Russian national Alexander Ermakov, held responsible for the hacking of Australian insurance company Medibank.

The U.S. government claims that Ermakov and other participants in the attack are connected to the Russian-backed cybercriminal group REvil.

According to OFAC, in October 2022, ransomware operators stole 9.7 million records of current and former Medibank clients. When the company refused to pay a $10 million ransom, the hackers selectively released highly confidential medical data, including information related to abortions, HIV, and alcohol abuse, adds Krebs On Security.

Image source: Australian Department of Foreign Affairs and Trade.

Alexander Ermakov, 33, is known by the aliases GustaveDore, JimJones, and Blade Runner. He was behind the development of the Sugar (Encoded 01) ransomware, using the REvil encryptor.

Experts consider REvil, also known as Sodinokibi, to be one of the largest hacker groups in the world. It has been involved in several large-scale breaches, spreading ransomware and demanding ransoms in cryptocurrency. The damage from their activities is estimated at no less than $200 million.

Back in July 2021, REvil’s darknet sites suddenly went offline. 

In November of the same year, U.S. authorities imposed sanctions on Russian Yevgeny Polyanin and Ukrainian Yaroslav Vasinskyi, who collaborated with the hackers.

In January 2022, the FSB announced the “liquidation” of the REvil group and the arrest of its alleged members following a request from U.S. authorities. During the investigation, the Russian Ministry of Internal Affairs confiscated over 300 million rubles, $950,000, more than €1 million, and 19.9 BTC.
