OFAC Flags 10 Wallet Addresses Linked to LockBit Affiliates in Ransomware Crackdown

The Treasury Department’s Office of Foreign Assets Control (OFAC) included numerous wallet addresses associated with two individuals from Russia in its list of specially designated nationals.

Artur Sungatov and Ivan Kondratyev faced charges linked to the deployment of ransomware, with their affiliation to LockBit, a ransomware syndicate that reportedly stole more than $120 million in ransom funds, as per the US Department of Justice.

Kondratiev served as a LockBit affiliate and leader of the affiliate sub-group, the National Hazard Society, while Sungatov was also actively engaged in LockBit ransomware attacks in addition to being an affiliate.

US, UK Collaborate Against LockBit

Collaborating with the UK and various international law enforcement bodies, the US pursued legal action against LockBit, aiming to hold the group accountable for its actions.

According to the official press release, Russia-based ransomware group LockBit was first observed in 2019, best known for its ransomware variant of the same name.

It operates on a Ransomware-as-a-Service (RaaS) model. It licenses its ransomware software to affiliated cybercriminals in exchange for a percentage of the paid ransoms and is known for its double extortion tactics, where its cybercriminals exfiltrate vast amounts of data from its victims before encrypting the victim’s computer systems and demanding ransom payments.

LockBit was the most deployed ransomware variant globally in 2022 and remains prolific today.

OFAC’s investigation identified LockBit as responsible for the ransomware attack on ICBC, which occurred on November 9, 2023. The ransomware attack disrupted ICBC’s U.S. broker-dealer, affecting the settlement of over $9 billion worth of assets backed by Treasury securities.

The ransomware attack caused a blackout of ICBC’s computer systems, resulting in a loss of e-mail and communications. ICBC’s inability to access its systems caused securities to be delivered for settlement with no funds backing the trades.

Meanwhile, Europol reported that the UK’s National Crime Agency took control over the “technical infrastructure” supporting all facets of the LockBit service, including their dark web leak site where data stolen from victims during ransomware attacks was previously hosted.

Ransomware Soar

According to a recent analysis by Chainalysis, ransomware payments surpassed $1 billion in 2023, marking a record high despite a decline in 2022.

2023, however, witnessed a notable surge in the frequency, scale, and magnitude of ransomware attacks. These attacks were found to have been perpetrated by diverse entities, ranging from large criminal syndicates to smaller groups and individual actors, with experts observing a rise in their numbers.