The 33-year-old was slapped with travel and financial transaction bans on Tuesday over Australia’s worst cyber breach, in the first use of the autonomous cyber sanctions framework.

The Australian can reveal the Australian Federal Police is also building a criminal case against Ermakov, and hopes to issue a warrant for him that would lead to an Interpol red notice for his ­arrest.

Ermakov was sanctioned after a 15-month investigation involving the Australian Signals Directorate, the AFP and international partners including the FBI and US National Security Agency.

Those who make financial transactions with Ermakov – including cryptocurrency transfers and ransomware payments – will face jail terms of up to 10 years.

Ermakov is an associate of the Russian-based REvil hacker group, one of several cybercrime syndicates based in the country.

The records of 9.7 million Australians were stolen in the Medibank attack, including names, dates of birth, Medicare numbers, and sensitive medical information, with many records published on the dark web.

“The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians,” Foreign Minister Penny Wong said.

“These sanctions are part of Australia’s efforts to ensure we uphold the international rules-based order and … the norms of responsible state behaviour in cyberspace.”

Multiple high level sources said the government was working with the US and Britain to have Ermakov sanctioned under their laws, in a move to further isolate the hacker and pile pressure on his associates. The AFP is separately pursuing a criminal investigation into the Russian with international law enforcement counterparts, but the threshold for issuing criminal charges is higher than under the government’s sanctions regime.

Defence Minister Richard Marles said it had been a “painstaking effort” to identify Ermakov, and investigators were working to uncover others involved in the cyber breach.

He paid tribute to Microsoft, which aided the investigation, and to Medibank for its willingness to co-operate with authorities.

Cybersecurity Minister Clare O’Neil said the government would relentlessly pursue the “cowards” and “scumbags” who stole ’ information online.

“Medibank, in my view, was the single most devastating cyber attack we have experienced as a nation,” she said.

“We all went through it, literally millions of people having personal data about themselves, about their family members taken from them and cruelly placed online for others to see.”

The cyber sanctions regime was introduced by the former Morrison government in 2021, when it unveiled its Magnitsky-style human rights sanctions targeting human rights abusers.

While the Coalition did not make use of the framework, opposition cybersecurity spokesman James Paterson accused the government of being “too slow and too weak” to impose sanctions.

Cyber security experts said the autonomous cyber sanctions framework was unlikely to prevent future attacks, but welcomed it as a step in the right direction.

“Australian organisations need to continue to protect their information holdings, the systems where these reside and the people who access it,” Monash University cybersecurity professor Nigel Phair said.

Additional reporting: Joseph Lam

More related stories

Politics

‘We have leadership role on climate change’

Anthony Albanese says Australia is playing a ‘leadership role’ in preparing the Pacific for climate change as he arrived in Samoa for a meeting of Commonwealth leaders.

Read more

Politics

Middle East ceasefire would help my CPI war: Chalmers

Jim Chalmers will make an economic case for a ceasefire in the Middle East and open a new front in Labor’s push to end conflict in the region, warning an escalation in fighting ‘risks persistent inflation for the global middle class’.

Read more