The Week in Ransomware - January 26th 2024 - Govts strike back
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. [...]
Sanctions shape cybersecurity by restricting transactions, technology access, and support linked to cyber operations and critical infrastructure risks.
Search across headline titles and summaries.
Background for this topic.
Sanctions are legal restrictions imposed by governments or international bodies on dealings with specified countries, organizations, individuals, or activities. They can limit payments, exports, imports, access to services, or provision of technical assistance; the exact prohibitions, exceptions, and licensing rules depend on the relevant jurisdiction. Cyber-related designations may identify operators, companies, or intermediaries linked to malicious activity, but sanctions are legal measures rather than technical indicators of compromise.
For security practitioners, sanctions create operational requirements around counterparties and technology flows. Organizations may need to screen customers, suppliers, service providers, and payment recipients, including aliases and ownership links, and restrict access or support where law requires. Export-control and sanctions rules can also affect distribution of cryptographic products, exploit research, cloud services, and incident-response assistance. Threat intelligence can help map sanctioned entities and evasion networks, while vulnerability-management and response teams should preserve records showing who received software, credentials, or technical help. Because lists and licensing conditions change, automated controls need human review and documented escalation rather than treating a name match as conclusive.
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. [...]
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.
U.S.-Led Sanctions Do Little to Curtail North Korea's Development of AISouth Korea's intelligence agency has reported that North Korean hackers are using generative AI to conduct cyberattacks and search for hacking targets. Experts believe North Korea's AI capabilities are robust enough for more precise attacks on South Korea.
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank
Governments Accuse Aleksandr Ermakov and REvil of Being Medibank HackersThe United States, Australia and the United Kingdom sanctioned a Russian man the governments say was behind the October 2022 hacking of Medibank, Australia's largest private health insurer. The attack was a high point in a wave of data breaches buffeting the country that year.
Aleksandr Ermakov, alongside other members of the REvil ransomware gang, are responsible for one of the biggest cyberattacks in Australia's history.
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
The Australian government has sanctioned Russian national Aleksandr Ermakov for his role in the Medibank data breach
'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…