U.S. Bans Crypto Addresses Tied to LockBit Ransomware Group From Financial System
- The Office of Foreign Assets Control named two Russian nationals and identified 10 bitcoin and ether addresses after an international operation gained control of the organization’s website.
- Law enforcement agencies said they will distribute decryption keys to victims.
The U.S. Treasury Department’s sanctions watchdog added nearly a dozen bitcoin and ether addresses to its global blacklist, alleging they were used by ransomware purveyors.
The Office of Foreign Assets Control (OFAC) named Artur Sungatov and Ivan Kondratyev, two Russian nationals indicted on charges tied to the deployment of ransomware, and identified 10 bitcoin and ether addresses (none of which contained any funds as of press time), in a statement on Tuesday, banning U.S. entities from providing any kind of financial services to the two. According to OFAC and the U.S. Department of Justice, they are part of the LockBit ransomware group, one of the world’s most prolific ransomware distributors, which is accused of stealing more than $120 million from over 2,000 victims in the past few years.
Ransomware attacks let malicious actors lock victims out of their computers and networks unless they pay a fee, often in cryptocurrency.
An international effort by the DOJ, Europol, the U.K. National Crime Agency and agencies in several other countries, dubbed Operation Cronos, seized LockBit’s website and various pages earlier this week. The law enforcement agencies announced they would be distributing decryption keys to victims, allowing them to regain access to their devices.
According to a press release from Europol, more than 200 cryptocurrency accounts tied to LockBit have been frozen, while authorities in the U.S., U.K. and EU have all seized various parts of the ransomware group’s infrastructure.
Some of the addresses listed by OFAC on Tuesday were deposit addresses for KuCoin, Coinspaid and Binance, according to data from Arkham Intelligence.
LockBit’s victims included municipal entities and private companies around the world.
“The LockBit ransomware variant, like other major ransomware variants, operates in the ‘ransomware-as-a-service’ (RaaS) model, in which administrators, also called developers, design the ransomware, recruit other members — called affiliates — to deploy it, and maintain an online software dashboard called a ‘control panel’ to provide the affiliates with the tools necessary to deploy LockBit,” the DOJ press release said.