US Treasury Targets Russian Ransomware Operators with OFAC Designations

According to Blockworks, the US Treasury's Office of Foreign Assets Control (OFAC) has added several wallet addresses linked to two Russian nationals to its specially designated nationals list. Artur Sungatov and Ivan Kondratyev were indicted on charges related to ransomware deployment and are connected to LockBit, a ransomware group that received over $120 million in ransom payments, according to the Department of Justice (DOJ). OFAC identified 10 wallet addresses tied to Sungatov and Kondratyev. The US collaborated with the UK and other law enforcement agencies worldwide to charge and take action against LockBit. Europol reported that law enforcement agencies from 10 countries worked together to freeze over 200 cryptocurrency accounts linked to the criminal organization, emphasizing the commitment to disrupt the economic incentives driving ransomware attacks. The DOJ designated Sungatov and Kondratyev due to their cyberattacks. The Cybersecurity and Infrastructure Security Agency issued a cybersecurity advisory on LockBit in June, noting that the ransomware variant continued to be prolific in 2023 after becoming the most deployed variant in 2022. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model, where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Operation Cronos, the takedown effort, took down 34 servers across the Netherlands, US, Finland, France, and the UK. The UK's National Crime Agency took control of the technical infrastructure that allows all elements of the LockBit service to operate, as well as their leak site on the dark web, on which they previously hosted the data stolen from victims in ransomware attacks. Chainalysis reported earlier this month that ransomware payments reached $1 billion in 2023 after declining to $567 million in 2022, marking the highest number ever observed.