Medibank hacker Aleksandr Ermakov ‘detained’ in Russia
The man alleged to be the mastermind of Australia’s worst cyber attack has reportedly been detained in Russia, less than a month after Australia, the US and UK imposed sanctions on the hacker.
Russian authorities have reportedly detained Aleksandr Ermakov, the alleged perpetrator of Medibank’s massive data breach, as the Australian Federal Police continue to investigate the cyber assault.
It comes less than a month after the Albanese government named Ermakov as the mastermind of the Medibank attack, and the US and UK joined Australia in imposing sanctions on the hacker.
Late on Wednesday, an Australian Federal Police spokesman told The Australian that he was aware Ermakov had reportedly been detained.
“The AFP is aware of reports a Russian individual has been detained in Russia for alleged cyber crimes,” the spokesman said.
“The AFP has no further comment at this stage. The AFP investigation into the Medibank Private hack in 2022 remains ongoing and is a priority for the AFP.”
It is understood Ermakov was detained over his involvement in the SugarLocker ransomware attacks. The detention follows the death of Russian President Vladimir Putin’s main opponent, Alexei Navalny, in an Arctic Circle prison, which sparked international condemnation.
The Australian government’s action against Ermakov marked the first use of this nation’s autonomous cyber sanctions framework, making it a criminal offence punishable by up to 10 years’ jail to transact with Ermakov, including through cryptocurrency or ransomware payments.
Medibank declined to comment on Ermakov’s detention but last month thanked the Albanese government for pursuing the Russian hacker.
Medibank said cybercrime was a “deliberate and malicious act and every effort should be made to deter criminals from undertaking these crimes”.
The records of 9.7 million Australians were stolen in the Medibank attack, including names, dates of birth, Medicare numbers, and sensitive medical information.
Within weeks of the data breach, messages appeared on multiple dark web forums boasting of the massive cyber theft, and seeking a ransom of nearly $10m, which Medibank refused to pay.
This led to the publication on the dark web of records covering hundreds of medical procedures. Posted under online monikers including GustaveDore, JimJones and blade_runner, the data dumps identified customers who had sought abortions, and treatment for HIV, drug addiction and mental health issues.
Medibank attempted to delay the mass leak of customer data. WhatsApp messages and emails released by a hacking group known as REvil appeared to show discussions between the health insurer and the group.
“Hi! As your team is quite shy, we decided to make the first step in our negotiation,” the hackers wrote in a WhatsApp message to Medibank chief executive David Koczkar.
“We have 200gb sensitive data from your RedShift Cluster. We offer to start negotiations in another case we will start realising our ideas like 1. Selling your Database to third parties. 2.
“But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, LGBT activist, drug addictive people etc … Also we’ve found people with very interesting diagnoses.”
But the hackers left a trail of digital “fingerprints”, vital clues – including the details of the software used to infiltrate the Medibank system and the method of exfiltrating the data – which were shared with Australia’s Five Eyes intelligence and enforcement partners, including America’s FBI and NSA, and British signals intelligence agency GCHQ. This ultimately led to Ermakov being identified as the main perpetrator.
The fallout continues for Medibank, which is facing a $150m damage bill, including potential class action settlements, according to analysts.