The US Treasury has imposed sanctions on two Russian individuals, Artur Sungatov and Ivan Gennadievich Kondratiev, identified as key members of LockBit, a Russian-speaking hacking group. The group has been blamed for international and domestic ransomware attacks.
Both individuals were indicted by US prosecutors for their alleged involvement with LockBit. Additionally, Kondratiev is accused of affiliations with REvil, RansomEXX, and Avaddon, other prominent ransomware groups.
The sanctions make it illegal for US entities or citizens to transact or pay those named by the sanctions, a strategy aimed at discouraging victims from paying ransoms. Companies found guilty of breaching US sanctions law could be subject to fines and criminal prosecution.
These sanctions were announced shortly after a joint US and UK operation aimed at destabilizing LockBit’s infrastructure and operations.
US prosecutors have accused LockBit, a hacking group, of carrying out over 2,000 cyberattacks globally, raking in an estimated $120 million since its establishment in 2019. Notable victims include California’s Department of Finance, Royal Mail in the UK, and dental insurance giant MCNA in the US.
The recent sanctions against key members of LockBit follows the 2022 arrest of Russian-Canadian dual national Mikhail Vasiliev and the 2023 capture of Ruslan Magomedovich Astamirov on similar allegations. Both are awaiting trial. Another suspect, Russian Mikhail Pavlovich Matveev, implicated in various ransomware operations, including LockBit, is still at large and was sanctioned by the US in 2023. A $10 million reward is offered for information leading to his arrest.
The alleged LockBit ringleader, known as LockBitSupp, is yet to be named, but further information and details of a $10 million bounty for their identification or location will reportedly be released soon. The US doesn’t prohibit ransom payments to hackers, despite the FBI’s advice against doing so, as it could encourage future attacks.
