Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker

Armenian authorities have detained Russian tourist Aleksandr Ermakov since June 28, following a U.S. extradition request alleging his involvement with the REvil ransomware group. Ermakov’s wife, Maria Yurova, recounted that border officials at Yerevan’s Zvartnots airport identified him using a photo from his VKontakte profile before taking him into custody. His legal team contends that the U.S. has mistaken him for another individual.

The U.S. seeks the extradition of Aleksandr Gennadievich Ermakov, who was sanctioned in January 2024 by Australia, the U.S., and the UK for his role in the 2022 Medibank Private data breach, which compromised 9.7 million records. This individual is reportedly serving a two-year sentence in Russia, restricting his travel. Conversely, the detained man is identified as Aleksandr Yuryevich Ermakov from Omsk, a former prison-service lawyer with no English proficiency.

The charges against the detained Ermakov pertain to alleged participation in Sodinokibi/REvil ransomware attacks between April 2019 and July 2021, affecting over 1,000 entities, including private companies, government offices, and healthcare facilities, some located in the Northern District of Texas. An Interpol notice further describes him as a platform administrator who profited over $13.7 million from these activities.

Notably, the Medibank breach occurred in October 2022, outside the timeframe of the alleged activities. The U.S. has not publicly charged Ermakov in connection with this incident. The U.S. Treasury’s designation describes him as “believed to be linked” to REvil, while the Interpol notice suggests a more central role.

Russian passports include a patronymic name, which distinguishes individuals with common names. Australia’s sanctions list specifies “Aleksandr Gennadievich Ermakov,” born May 16, 1990. However, the U.S. Office of Foreign Assets Control (OFAC) listing omits the patronymic, potentially leading to identification errors.

Defense attorney Dylan Rajavi suggests that the U.S. warrant may have lacked the patronymic, causing an automated system to misidentify his client. He emphasizes that standard identification methods, such as fingerprinting or full passport data, have not been utilized to confirm his client’s identity.

Armenian officials have not commented publicly, and the U.S. Department of Justice has not announced formal charges. The detained individual remains in custody under a 30-day Interpol detention order, while Russian authorities seek consular access.

This case underscores the complexities of international law enforcement cooperation and the critical importance of precise identification in extradition proceedings. The reliance on incomplete personal data can lead to significant legal and diplomatic challenges, highlighting the need for meticulous verification processes in cross-border criminal investigations.