Can cyber sanctions act as a global weapon for cybersecurity?

Sameera Pillai

When Australia imposed thematic sanctions against Russian hacker Alexander Ermakov for his involvement in the Medibank breach of 2022, the West followed suit. While the Australian government can impose autonomous sanctions to target a specific issue or country, thematic sanctions can be imposed against specific individuals who are involved in certain activities such as serious corruption, violations of human rights and cyber incidents. 

Ermakov, who is now facing a travel ban and financial penalties, is a member of Sodinokibi – a cybercrime gang. The gang – more commonly known as REvil – does not attack Russian businesses leading experts to suggest that it is backed by Russia. REvil has been associated with cyberattacks across numerous countries including the United States and the United Kingdom. In January 2024, the US and the UK backed Australia in its move against Ermakov in efforts to address ransomware attacks. 

Australia’s Autonomous Sanctions Act (2011) was amended in December 2021 to include Magnitsky-style targeted sanctions. The amendment clarified that autonomous sanctions can either be country-specific or thematic. Following this, thematic sanctions can impose targeted travel bans and financial sanctions on a person. It enables the Minister for Foreign Affairs to designate an entity for targeted sanctions if the Minister believes they have caused a significant cyber incident that harms Australia or another country. The sanctions against Ermakov mark the first time the government has utilised this amendment in response to a “serious cyber incident”.

In May 2021, an attack by REvil against Colonial Pipeline affected important equipment necessary for managing the pipeline, causing fuel shortages in some parts of the US. In the same month, the cybergang also attacked JBS Foods, a major producer of meat that has operations in Australia. In the cyberattack against Medibank - Australia’s largest private health insurer - in October 2022, nearly 10 million people were affected. Sensitive medical records of customers that detailed alcohol issues, HIV results and abortion issues were leaked to the dark web. Other private information such as addresses, full names and date of birth were also uploaded to the dark web. This puts those customers at a great risk of facing identity theft, fraud and blackmailing. 

The extent and impacts of these cyberattacks are serious and many organisations across various continents have been significantly affected. Cybercriminals often target critical infrastructure such as water and electricity that have a greater impact on the population of a country. The severity of this situation warrants a unified, coordinated response. This is because the cross-border and complex nature of cyber crimes coupled with the scale and intensity of these crimes make it an urgent transnational threat.

With Australia setting the precedent of imposing thematic sanctions, and Western powers echoing the move, it is important to consider the implications this will have for the future of cybercrime. 

Collaborative international action against cyberthreats

In addition to imposing a travel ban, Australia’s sanctions against Ermakov also make it a criminal offence to deal with his assets, or to provide him with assets either through ransomware payments or via cryptocurrency. Companies may be unwilling to make ransomware payments to cyber criminals if there is a criminal liability, thereby making the country a less viable target for cyber criminals.

Considering this, can a similar approach on a global level serve as a deterrent to cybercriminals? If multiple countries impose targeted sanctions as part of a unified approach, and make it a criminal offence to provide assets to a designated person, cybercriminals will have less incentive to target those countries. 

Moreover, international coordination through intelligence sharing is also an effective step in dealing with crimes of this nature. Intelligence sharing as an aspect of international coordination can aid in efforts to unmask the identity of cybercriminals and cybergangs. The absence of anonymity greatly hampers the operations of cybercriminals which in itself can serve as a deterrent, as law enforcement agencies can more easily apprehend criminals once they are identified. This identification allows relevant governments to specifically name an individual or entity for targeted sanctions. 

In addition to various governments collaborating effectively, it is also essential to emphasise the importance of cooperation between private and public industries. While the trilateral action of Australia, the US and the UK has set the ball rolling towards a concerted effort against cyber attacks, challenges can arise due to differing organisational structures between the countries.  As a result, it is also important for various actors at both a domestic and international level to engage with each other in order to create a unified response. For instance, stronger cybersecurity measures can be implemented if private organisations work in tandem with governments. This is especially because cybersecurity is not just about compliance and regulations, but it is also about the protection of businesses. Through cooperation, they can aim to create a secure environment where economic growth and innovation can be fostered. By sharing resources and information, and by creating frameworks that take into consideration the risks that cyberattacks pose, the private and public industries can build greater resilience against cyberthreats. 

Given the pervasive nature of cyberthreats, both international coordination and industry collaboration can prove effective in tackling the issue. Moreover, cyberattacks are tied to geopolitics, making it more important for countries to cooperate on a global level and thwart cyberattacks. For instance, as part of their strategy, countries may make use of their cyber capabilities to disrupt critical infrastructure. In the ongoing Russia-Ukraine conflict, for instance, certain state-sponsored cyberthreat actors have targeted organisations that support Ukraine. This includes supply-chain attacks that create further instability. Therefore, building robust defences in the form of coordinated responses against cyberthreats has become an important element in the international security landscape. These coordinated responses and sanctions against cybercriminals can limit access to essential resources and funding, thereby disrupting cybercriminal activities and ultimately, serving as a deterrent. 

Sameera Pillai is pursuing her Master’s in International Relations at the University of Sydney. Her interests include international law, geopolitics, human rights, and gender issues.