The US government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims in the US and internationally.
In a post on Tuesday, the US Treasury Department confirmed that it is imposing sanctions on two Russian nationals, Artur Sungatov and Ivan Gennadievich Kondratiev.
Sungatov and Kondratiev were separately indicted by US prosecutors on Tuesday for their alleged involvement with LockBit.
Kondratiev is also accused of involvement with ransomware gangs REvil, RansomEXX and Avaddon.
“The United States will not tolerate attempts to extort and steal from our citizens and institutions,” said US Deputy Treasury Secretary Wally Adeyemo. in a statement. “We will continue our whole-of-government approach to defending against malicious cyber activity and use all available tools to hold accountable those who enable these threats.”
The newly imposed sanctions mean it is now illegal for US businesses or individuals to pay or otherwise deal with those named in the sanctions, a tactic commonly used to discourage American victims from paying hacker ransoms.
Sanctioning the people behind cyber attacks makes it harder for individual hackers to profit from ransomware, rather than targeting groups that can rebrand or change names to circumvent sanctions.
Those caught violating US sanctions laws, such as companies paying a sanctioned hacker, can face heavy fines and criminal prosecution.
The sanctions were dropped hours after US and UK authorities announced a global law enforcement operation aimed at disrupting LockBit’s infrastructure and operations. Authorities announced the seizure of LockBit’s infrastructure on the gang’s own dark leak website, which the group previously used to publish stolen victim data unless a ransom was paid.
U.S. prosecutors accuse LockBit’s operators of using ransomware in more than 2,000 cyberattacks against victims in the U.S. and worldwide, paying about $120 million in ransom payments since its inception in 2019.
LockBit has taken credit for hundreds of hacks over the years, including the California Department of Finance, the UK Postal Service and US dental insurance giant MCNA, affecting the personal information of millions of people.
The US sanctions announced on Tuesday are the latest round of actions targeting the hackers behind LockBit and other prolific ransomware gangs.
In 2022, Russian-Canadian dual citizen Mikhail Vasiliev was arrested for allegedly launching multiple LockBit ransomware attacks. A year later, US authorities arrested Ruslan Magomedovich Astamirov on similar charges. Both suspects remain in custody pending trial.
A third suspect, Russian national Mikhail Pavlovich Matveev, was charged with involvement in several ransomware operations, including LockBit. Matveev, who remains at large, was placed under US sanctions in 2023, preventing US victims from paying ransom to him or affiliated ransomware gangs, including Hive and Babuk. The US government also has a $10 million reward for information leading to Matveev’s arrest.
In its announcement on Tuesday, the US government has not yet named the suspected leader of LockBit, who goes by the name LockBitSupp. Dark web leak site LockBit says law enforcement plans to release more information about the alleged ringleader on Friday, including details of a $10 million reward for information leading to his location or identification.
Aside from sanctions, the US does not prohibit or otherwise restrict victims from paying ransoms, although the FBI has long advised victims not to pay hackers for fear of perpetuating future cyber attacks. Security researchers say ransomware victims who pay ransoms are more likely to suffer subsequent ransomware attacks.
Read more at TechCrunch:
