US charges two Russian nationals in LockBit ransomware case amid global crackdown

The indictments coincide with a significant takedown of LockBit in a joint operation by US, UK, and other international law enforcement agencies


The United States Department of Justice (DOJ) on Tuesday unsealed indictments against two alleged members of the LockBit ransomware group, as part of a broader global operation aimed at dismantling the criminal enterprise.

With these charges, the total number of LockBit members indicted by the DOJ in connection with the global ransomware campaign now stands at five.

The latest indictments charge Russian nationals Ivan Kondratyev and Artur Sungatov with deploying the notorious LockBit ransomware against numerous victims globally, including businesses and municipalities.

Kondratyev and Sungatov are still on the loose.

Sungatov allegedly targeted manufacturing, insurance, logistics, and other companies primarily located in states such as Indiana, Florida, Minnesota, Puerto Rico, Wisconsin, and New Mexico, since at least January 2021.

Similarly, Kondratyev, operating under the alias "Bassterlord," allegedly deployed LockBit ransomware against private and municipal entities in New York, Oregon and Puerto Rico, as well as targets in Taiwan, Singapore and Lebanon, starting from August 2021.

Kondratyev also faces charges in the Northern District of California for his involvement in encrypting data, exfiltrating victim information, and extorting ransom payments from a corporate victim based in California.

The indictments tie Sungatov and Kondratyev to the broader LockBit conspiracy, implicating them alongside Russian nationals Mikhail Vasiliev and Mikhail Pavlovich Matveev, as well as other unidentified members.

Matveev, targeted in indictments unsealed in Washington, DC, and the District of New Jersey in May 2023, faces charges related to various ransomware attacks, including those involving LockBit. He is also still at large.

Notably, Matveev is the subject of a reward of up to $10 million through the US Department of State's Transnational Organized Crime Rewards Program.

Vasiliev, a dual Russian-Canadian national, was charged in November 2022 for his involvement in the LockBit campaign. He is currently detained in Canada awaiting extradition to the United States.

Furthermore, Ruslan Magomedovich Astamirov, another Russian national, was charged in June 2023 for his participation in the LockBit conspiracy and awaits trial in the United States.

The indictments coincide with a significant takedown of LockBit in a joint operation by US, UK, and other international law enforcement agencies, resulting in the destruction of much of the group's infrastructure and the acquisition of decryption keys to aid victims.

A statement posted on the group's website on Monday said, "This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

While two arrests were announced in Ukraine and France, the identities of those detained were not disclosed.

The LockBit gang, known for its brazen ransomware attacks, has wreaked havoc on organisations worldwide, including the UK's Royal Mail and private security firm Zaun.

According to the DOJ, the gang has targeted over 2,000 victims globally, raking in more than $120 million in ransom payments and demanding hundreds of millions more.

Attorney General Merrick Garland highlighted the collaborative effort between US and UK authorities in dismantling LockBit, asserting that this operation marks another success in combating ransomware threats.

Graeme Biggar, the director general of the NCA, stated that LockBit did not receive direct support from the Russian state, although cybercrime against other nations is allowed to persist within the country.

"As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity," he added.