俄罗斯黑客涉嫌Medibank黑客事件被制裁

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank.

来自澳大利亚、英国和美国的政府对一名俄罗斯国民实施了财务制裁，原因是他据称参与了2022年针对医疗保险提供商Medibank的勒索软件攻击。

Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable Information (PII) belonging to the Australian company.

33岁的亚历山大·埃尔玛科夫（又名blade_runner、GistaveDore、GustaveDore或JimJones）与对Medibank网络的入侵以及窃取和发布澳大利亚公司的个人身份信息（PII）有关。

The ransomware attack, which took place in late October 2022 and attributed to the now-defunct REvil ransomware crew, led to the unauthorized access of approximately 9.7 million of its current and former customers.

这次勒索软件攻击发生在2022年10月底，被认为是已倒闭的REvil勒索软件团伙进行的，导致其约970万名现任和前任客户的未经授权访问。

The stolen information included names, dates of birth, Medicare numbers, and sensitive medical information, including records on mental health, sexual health and drug use. Some of these records were leaked on the dark web.

被窃取的信息包括姓名、出生日期、医疗保险号码以及涉及心理健康、性健康和药物使用等敏感医疗信息的记录。其中一些记录已在暗网上泄漏。

As part of the trilateral action, the sanctions make it a criminal offense to provide assets to Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

作为三方行动的一部分，这些制裁使为Ermakov提供资产，或者使用或处理他的资产（包括通过加密货币钱包或勒索软件支付）成为刑事犯罪行为。

The offense is punishable by up to 10 years' imprisonment. In addition, the Australian government has also imposed a travel ban on Ermakov.

该罪行可处以最高10年监禁。此外，澳大利亚政府还对Ermakov实施了旅行禁令。

The U.K. government said the penalty is their latest effort "to counter malicious cybercriminal activity emanating from Russia that seeks to undermine integrity and prosperity" of the country and its allies.

英国政府表示，这些处罚是他们最新的努力，旨在“打击源自俄罗斯的恶意网络犯罪活动，破坏该国及其盟友的诚信和繁荣”。

Besides criticizing Russia for providing a safe haven to malicious cyber actors, the U.S. Department of the Treasury called out the East European nation for enabling ransomware attacks by cultivating and co-opting criminal groups.

除了批评俄罗斯为恶意网络行为者提供庇护所外，美国财政部还指责这个东欧国家通过培养和利用犯罪团伙来实现勒索软件攻击。

It further called on Russia to take concrete steps to prevent cyber criminals from freely operating in its jurisdiction.

它进一步呼吁俄罗斯采取切实措施，防止网络犯罪分子在其司法管辖区内自由活动。

"Russian cyber actors continue to wage disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data," said Under Secretary of the Treasury Brian E. Nelson.

财政部副部长布赖恩·E·尼尔森说：“俄罗斯网络行为者继续对美国和盟国发动破坏性的勒索软件攻击，针对我们的企业，包括关键基础设施，窃取敏感数据。”

"This action demonstrates that the United States stands with our partners to disrupt ransomware actors who victimize the backbone of our economies and critical infrastructure," the Treasury Department noted.

财政部指出：“此举表明，美国与我们的伙伴站在一起，打击对我们经济和关键基础设施构成威胁的勒索软件行为者。”

原文始发于微信公众号（知机安全）：俄罗斯黑客涉嫌Medibank黑客事件被制裁