The US government has imposed sanctions on two key individuals associated with LockBit, a cybercriminal group accused of orchestrating ransomware attacks targeting victims domestically and abroad.
WASHINGTON, DC - JANUARY 26: Director of the Federal Bureau of Investigation (FBI) Christopher Wray (2nd-R), joined by Attorney General Merrick Garland (C), Assistant Attorney General Lisa Monaco and other law enforcement officials, delivers remarks on an international ransomware enforcement action at the U.S. Justice Department on January 26, 2023 in Washington, DC.
US Sanctions LockBit Affiliates
Artur Sungatov and Ivan Gennadievich Kondratiev, both Russian nationals, have been singled out by the US Treasury following separate indictments by US prosecutors on Tuesday, alleging their involvement with LockBit.
This move comes as part of a concerted effort involving the US Department of Justice, the Federal Bureau of Investigation, and international collaborators to take down LockBit and its affiliates.
US Deputy Secretary of the Treasury Wally Adeyemo emphasized the nation's firm stance against cyber extortion and theft, asserting that the government will utilize all available means to hold accountable those enabling such malicious activities.
The US Treasury alleged that Russia remains a safe haven for cybercriminals, enabling groups like LockBit to carry out ransomware assaults against various targets, including critical infrastructure such as hospitals, educational institutions, and financial establishments.
However, LockBit has insisted in the past that it has no political affiliation and that its sole aim is financial gain.
One notable incident attributed to LockBit by the Treasury was the November 2023 ransomware attack on the Industrial and Commercial Bank of China's (ICBC) US broker-dealer, which resulted in significant disruptions, including the impairment of communications systems and a loss of over $9 billion in Treasury securities-backed assets settlement.
US, UK, and Allies Take Down LockBit
On Tuesday, the US, UK, and its international allies took down LockBit's dark web leak site. The operation, dubbed "Operation Cronus," was made possible by Britain's National Crime Agency, the US Federal Bureau of Investigation, Europol, and a coalition of international police agencies.
LockBit operates on a Ransomware-as-a-Service (RaaS) model, offering its ransomware software to affiliated cybercriminals in exchange for a portion of the ransom payments.
Infamous for its double extortion tactics, LockBit's modus operandi involves exfiltrating substantial volumes of data from victims before encrypting their systems and demanding ransom payments.
According to the Treasury, the group's ransomware variant has been widely deployed globally and continues to pose a significant threat.
In response to the recent sanctions, all assets and interests associated with the designated individuals in the US or under the control of US entities are frozen and must be reported to the Office of Foreign Assets Control (OFAC).
Moreover, any entities owned 50 percent or more by the sanctioned individuals are also subject to blocking. Transactions involving the designated persons are generally prohibited under OFAC regulations unless specifically authorized by a license.
"The United States will not tolerate attempts to extort and steal from our citizens and institutions," said Adeyemo.
"We will continue our whole-of-government approach to defend against malicious cyber activities, and will use all available tools to hold the actors that enable these threats accountable," he added.
Related Article: Russian Ransomware Group BlackCat Seized by US: Decryption Tool Distributed to Over 500 Victims
