OFAC flagged ten wallet addresses associated with two LockBit-affiliated individuals.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has listed numerous wallet addresses associated with two Russian individuals on its Specially Designated Nationals List.

Artur Sungatov and Ivan Kondratyev, who face charges related to the deployment of the ransomware, are associated with LockBit, a ransomware group that has reportedly stolen more than $120 million in extortion funds, according to the U.S. Department of Justice.

Kondratiev served as a LockBit affiliate and leader of an affiliated subgroup, the National Hazard Society, while Sungatov was also actively involved in LockBit ransomware attacks and was an affiliate.

US and UK cooperate to combat LockBit

The United States, in collaboration with UK and international law enforcement agencies, is taking legal action against LockBit in an effort to hold the organization accountable for its actions.

According to an official press release, the Russian ransomware group LockBit first emerged in 2019 and is known for its ransomware variants of the same name.

LockBit operates a ransomware as a service (RaaS) model. It licenses its ransomware to affiliated cybercriminals in exchange for a portion of the ransom payment and is known for its double-extortion tactics whereby the cybercriminals encrypt the victim's computer system and demand a ransom payment before stealing large amounts of data from the victim.

LockBit was the most deployed ransomware variant worldwide in 2022 and is still active today.

OFAC’s investigation confirmed that LockBit was responsible for the ransomware attack on ICBC that occurred on November 9, 2023. The ransomware attack disrupted ICBC’s U.S. securities brokerages and affected the settlement of more than $9 billion worth of assets backed by Treasury securities.

The ransomware attack crippled ICBC’s computer systems, resulting in the loss of emails and communications. ICBC was unable to access its systems, resulting in securities deliveries being settled without the funds to support the trades.

Meanwhile, Europol reported that the UK’s National Crime Agency took over the “technical infrastructure” supporting LockBit’s services, including their dark web leak sites for data that was stolen from victims during the ransomware attacks.

Ransomware surges

According to recent data analysis by Chainalysis, ransomware payments exceeded $1 billion in 2023, a record high despite a decline in 2022.

However, there was a clear increase in the frequency, size, and severity of ransomware attacks in 2023. Experts observed that these attacks were carried out by different entities, ranging from large criminal groups to smaller groups and individual actors, and experts noticed an increase in their number.