Russian hacker-linked REvil behind 2022 Australian cyberattack also targeted Hong Kong’s Dairy Farm
REvil, the notorious ransomware group linked to Russian hacker Aleksandr Ermakov, who has been named as the perpetrator of a prominent Australian cyberattack in 2022, was also previously responsible for an attack on Hong Kong-based retailer Dairy Farm.
The Australian government on Tuesday named and sanctioned Ermakov for the 2022 ransomware attack on Medibank that led to 9.7 million personal records being stolen after the Australian insurer did not pay the ransom. Some of Medibank’s records were published on the dark web.
Canberra confirmed Ermakov was linked to REvil, which executed attacks globally between 2020 and 2021, including one on Dairy Farm group in 2021 in which it allegedly demanded a ransom of US$30 million.
It is not clear whether Dairy Farm paid the ransom. Dairy Farm did not respond to a request for comment.
The Russian-based ransomware-as-a-service (RaaS) operation REvil, short for “Ransomware Evil”, was dismantled by Russian authorities in early 2022, following pressure from other governments, including the US, to force the group offline.
The group hurt many organisations when it executed a ransomware attack on a software package developed by US-based Kaseya in 2021.
In 2021, the group also attacked Australia-based global beef producer JBS and crippled its global supply chains before the company paid US$11 million as ransom.
Unlike JBS, Medicare did not pay a ransom, and data hacked from its site was later published in one of the most prominent cyberattacks in Australia. Later that year, another cyberattack rendered Australian telco Optus vulnerable when another 10 million personal records were stolen.
Australia topped the list of ransomware attacks in Asia-Pacific between 2021 and 2022, according to