The U.S. government has taken a significant step in its efforts to combat ransomware attacks by sanctioning two key members of the Russian-speaking hacking and extortion gang, LockBit. The sanctions, announced on Tuesday, target Artur Sungatov and Ivan Gennadievich Kondratiev, both Russian nationals.

The Sanctions

According to a post on the U.S. Treasury’s website, the two individuals have been accused of involvement with LockBit, which has been responsible for launching ransomware attacks against victims across the U.S. and internationally. The sanctions are part of a broader effort by the U.S. government to disrupt the operations of LockBit and other prolific ransomware gangs.

The Indictment

Sungatov and Kondratiev were separately indicted by U.S. prosecutors on Tuesday for their alleged involvement with LockBit. Kondratiev is also accused of involvement with REvil, RansomEXX, and Avaddon ransomware gangs. The indictment alleges that the two individuals played a significant role in the operation of LockBit and were responsible for facilitating ransom payments to victims.

The Impact

The imposition of sanctions on Sungatov and Kondratiev makes it more difficult for them to profit from their activities, as U.S. businesses or individuals are now prohibited from paying or otherwise transacting with those named by the sanctions. This tactic is typically used to discourage American victims from paying a hacker’s ransom.

The Consequences of Violating Sanctions

Those who are caught violating U.S. sanctions law can face severe consequences, including hefty fines and criminal prosecution. Security researchers say that sanctioning individual hackers like Sungatov and Kondratiev is more effective than targeting groups that can rebrand or change names to skirt sanctions.

Disrupting LockBit’s Operations

The sanctions were announced hours after U.S. and U.K. authorities announced a global law enforcement operation aimed at disrupting LockBit’s infrastructure and operations. The authorities seized LockBit’s infrastructure on the gang’s own dark web leak site, which was previously used to publish victims’ stolen data unless a ransom was paid.

LockBit’s Activities

U.S. prosecutors accuse LockBit’s operators of using ransomware in more than 2,000 cyberattacks against victims in the U.S. and worldwide, making some $120 million in ransom payments since it was founded in 2019. LockBit has taken credit for hundreds of hacks over the years, including California’s Department of Finance, the U.K. postal service Royal Mail, and U.S. dental insurance giant MCNA, affecting millions of individuals’ personal information.

Previous Actions Against LockBit

This is not the first time that the U.S. government has taken action against LockBit. In February 2022, the Department of Justice announced charges against three individuals accused of being members of LockBit. The indictment alleged that they were responsible for hacking into computer systems and demanding ransom payments from victims.

The Ongoing Battle Against Ransomware

The sanctions on Sungatov and Kondratiev are a significant development in the ongoing battle against ransomware attacks. As cybersecurity threats continue to evolve, it is essential for governments and law enforcement agencies to work together to disrupt the operations of malicious groups like LockBit.

Related Developments

• In March 2022, the U.S. Department of Justice announced charges against a Russian national accused of being a member of REvil, another prolific ransomware gang.
• In January 2023, the European Union’s law enforcement agency, Europol, announced that it had disrupted the operations of the Conti ransomware gang.

Conclusion

The sanctions on Sungatov and Kondratiev are an important step in disrupting the operations of LockBit and other malicious groups. As cybersecurity threats continue to evolve, it is essential for governments and law enforcement agencies to work together to protect individuals and businesses from these threats.