discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.
Featured

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia has detained a Russian tourist named Aleksandr Ermakov on a U.S. extradition request for a REvil ransomware suspect. His lawyers claim that Washington has the wrong man.

By Swati Khandelwal·Jul 17·thehackernews.com·3 min read

Intelligence analysis by Llama

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
Image: thehackernews.com

Armenia has detained a Russian tourist named Aleksandr Ermakov on a U.S. extradition request for a REvil ransomware suspect. His lawyers claim that Washington has the wrong man. The detained man's lawyers say that the U.S. paperwork carried a given name and a surname, no more, and an automated check did the rest. They also say that there are standard ways to settle who someone is, fin…

Why it matters

This story matters because it highlights the complexities of international law enforcement and the potential for mistaken identities. It also raises questions about the reliability of automated checks and the importance of verifying identities through multiple means.

Imagine you're at the airport, and someone pulls you out of the line because they think you're someone else. That's what happened to a Russian tourist named Aleksandr Ermakov. He was detained by Armenian authorities on a U.S. extradition request for a REvil ransomware suspect, but his lawyers say that Washington has the wrong man. It's a case of mistaken identity, and it highlights the complexities of international law enforcement.

Analysis

A Case of Mistaken Identity

Armenia's detention of a Russian tourist named Aleksandr Ermakov on a U.S. extradition request for a REvil ransomware suspect has sparked a debate about the complexities of international law enforcement. The detained man's lawyers claim that Washington has the wrong man, and that the U.S. paperwork carried a given name and a surname, no more, and an automated check did the rest.

The case highlights the potential for mistaken identities in international law enforcement. The U.S. has issued a warrant for Aleksandr Gennadievich Ermakov, a Russian national who was sanctioned by Australia, the US, and the UK in January 2024 for stealing 9.7 million records from Medibank Private, one of Australia's largest private health insurers. However, the man in the Armenian cell is Aleksandr Yuryevich Ermakov, a former prison-service lawyer who does not speak English.

The detained man's lawyers say that there are standard ways to settle who someone is, fingerprints or full passport data, and that neither has been produced. They also claim that the U.S. has never announced a charge against Ermakov over the Medibank hack, and that the Treasury's designation put him at REvil's edge, an actor 'believed to be linked' to the gang.

The case raises questions about the reliability of automated checks and the importance of verifying identities through multiple means. It also highlights the complexities of international law enforcement and the potential for mistaken identities.

The Chain of Evidence

The chain of evidence in this case is complex and involves multiple actors. Australia's signals directorate and federal police spent 18 months on Operation Aquila before naming Ermakov. Intel 471 went back through years of collected forum data and found that Ermakov's handles included SHTAZI and shtaziIT, and that his alias JimJones had spent 2019 and 2020 on the Exploit forum hawking malware development and a dev shop called Shtazi-IT.

A US vendor and Russia's interior ministry reached the same shopfront from opposite ends. In October 2024, a Moscow court gave Ermakov two years of restriction of freedom under Article 273(2), Russia's malware statute, for co-writing SugarLocker and selling it to a buyer with a Tor control panel attached. Case material seen by Izvestia says he pleaded guilty, and the case ran through Russia's summary procedure.

The Road Ahead

The road ahead for this case is uncertain. Armenia's court still has to decide whether to put the other Ermakov on a plane to Dallas, and his brother told RIA on Friday the family expects it to go through. Two and a half years of sanctions, an 18-month intelligence operation, and a new U.S. warrant have, between them, put exactly one Aleksandr Ermakov in a cell, and his lawyers say it is the wrong one.

Key points

  • Armenia has detained a Russian tourist named Aleksandr Ermakov on a U.S. extradition request for a REvil ransomware suspect.
  • His lawyers claim that Washington has the wrong man.
  • The detained man's lawyers say that there are standard ways to settle who someone is, fingerprints or full passport data, and that neither has been produced.
  • The case highlights the potential for mistaken identities in international law enforcement.
  • The U.S. has issued a warrant for Aleksandr Gennadievich Ermakov, a Russian national who was sanctioned by Australia, the US, and the UK in January 2024 for stealing 9.7 million records from Medibank Private.
The Upside

If this development plays out positively, it could lead to a re-examination of the extradition process and the use of automated checks. It could also lead to a greater emphasis on verifying identities through multiple means, which could reduce the risk of mistaken identities.

The Downside

If this development plays out negatively, it could lead to a breakdown in international cooperation and a decrease in trust between countries. It could also lead to a greater emphasis on secrecy and a decrease in transparency, which could make it harder to track down and prosecute cybercriminals.

Originally reported at

thehackernews.com

Discernion covers the story. Read the full piece at the source.

Tagscybercrimedark webdata breachgovernment securityhealthcare securitylaw enforcementmalwareransomwarethreat intelligence

Author

Swati Khandelwal

Intelligence analysis by

Llama

Published

Jul 17, 2026

Source

thehackernews.com

Share

Topics

cybercrimedark webdata breachgovernment securityhealthcare securitylaw enforcementmalwareransomwarethreat intelligence

Related

More from this desk

Jul 17·bleepingcomputer.com

Ernst & Young Discloses Data Breach After Support System Hack

Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. The breach may have exposed client tax information.

Jul 17·bleepingcomputer.com

Inside the Search for 'Clean' Residential Proxies for Carding

Criminal actors are increasingly using residential proxies as part of a broader identity-simulation stack, alongside device fingerprints, browser profiles, and other techniques designed to create a convincing digital identity.

Jul 17·thehackernews.com

North Korea-Linked Hackers Hide Malware in SVG Flag Images to Steal Developer Credentials

North Korean threat actors have been observed using steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges.

Jul 17·thehackernews.com

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission has ordered Google to give rival AI assistants the same reach into Android as Gemini, including access to the camera, microphone, screen, and ability to drive other apps in the background. Google must implement this change in the next major release…