LockBit members face US sanctions following ransomware takedown

The U.S. government has imposed sanctions on two prominent members of LockBit, a Russian-speaking hacking and extortion group accused of launching ransomware attacks targeting victims in the U.S. and worldwide.

In an announcement on Tuesday, the U.S. Treasury revealed that it is sanctioning Artur Sungatov and Ivan Gennadievich Kondratiev, both Russian nationals, who were separately indicted by U.S. prosecutors for their alleged involvement with LockBit.

Kondratiev is additionally implicated in activities related to REvil, RansomEXX, and Avaddon ransomware gangs.

U.S. Deputy Secretary of the Treasury Wally Adeyemo emphasized, “The United States will not tolerate attempts to extort and steal from our citizens and institutions.” He pledged to pursue a comprehensive strategy to counter malicious cyber activities and hold those enabling such threats accountable.

These sanctions prohibit U.S. businesses or individuals from engaging in transactions with the sanctioned individuals, aiming to dissuade American victims from paying ransom to hackers.

Targeting individuals behind cyberattacks makes it harder for them to profit from ransomware, as opposed to targeting groups that can easily rebrand or change names to evade sanctions.

Violation of U.S. sanctions laws, such as companies paying sanctioned hackers, can result in significant fines and criminal prosecution.

The sanctions were imposed shortly after U.S. and U.K. authorities announced a joint global law enforcement operation to disrupt LockBit’s infrastructure and activities. Authorities also seized LockBit’s infrastructure on the group’s dark web leak site, previously used to publish victims’ data unless ransom was paid.