International sanctions were imposed against a Russian linked to the hacker group REvil

Sanctions have been imposed by the US, UK, and Australia on Russian individual Alexander Ermakov, who has been linked to the notorious hacker group REvil. Authorities in the United States believe Ermakov was involved in the hacking of Medibank, an insurance company, and in the subsequent demand for a ransom in cryptocurrency.

In the autumn of 2022, ransomware was used to steal nearly 10 million customer records from the Australian insurance firm Medibank. The hackers demanded a hefty $10 million ransom, which the company refused to pay. As a result, the criminals went on to publicly release confidential information about Medibank’s clients.

Alexander Ermakov, who operated under the aliases GustaveDore, JimJones, and Blade Runner, is believed by US authorities to be associated with the REvil hacker group. He is considered the mastermind behind the Sugar (Encoded 01) ransomware program, which utilizes the REvil ransomware.

Just recently, the US Department of the Treasury announced the implementation of personal restrictions on Mr. Ermakov, including the freezing of all his accounts, properties, and shares in companies, and a prohibition on any transactions with US citizens or services from American legal entities. Both British and Australian authorities have also imposed similar sanctions.

REvil is notorious for being one of the largest cybercriminal groups that distribute ransomware and demand payment in cryptocurrency. In winter 2022, the Russian Federal Security Service reported that the REvil group had been dismantled.

Prior to this incident, PeckShield representatives had reported that cryptocurrency companies lost less to attacks by hacker groups in 2023 than in the previous year.