KEY POINTS
- Kondratiev had 9 banned crypto wallets, while Sungatov had 1 digital currency address
- US citizens are prohibited from transacting with the banned addresses
- A LockBit dark-web site used to extort victims was seized by authorities
The U.S. Treasury Department's Office of Foreign Asset Control (OFAC) on Tuesday blacklisted 10 Bitcoin and Ether addresses under the names of two people, stating that these addresses were associated with LockBit, the world's most infamous ransomware group.
OFAC's latest specially designated nationals (SDNs) list contains the names of two Russian nationals: Artur Sungatov and Ivan Kondratiev, who were indicted on charges related to ransomware deployment. A total of nine cryptocurrency wallet addresses were attached to Kondratiev's name in the Treasury designation, while one crypto address was linked to Sungatov.
At the same time, the U.S. Treasury released a statement on the matter, warning that it will hold accountable all actors that enable malicious cyber activities.
The Treasury also said in a press release that the designation of Sungatov and Kondratiev were just "the first in an ongoing collaborative effort with the U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI), and our international partners targeting LockBit."
Tuesday's actions mean all U.S. properties and "interests in property" of Sungatov and Kondratiev have been blocked and must be reported accordingly to the OFAC. The same applies to properties of the designated persons in the possession or control of U.S. citizens.
American citizens are also barred from transacting with the two designated persons. The OFAC warned that any person found engaging in certain transactions with the two "may themselves be exposed to designation." Only those authorized by OFAC to transact with Sungatov and Kondratiev are exempted.
More than 2,000 victims have fallen prey to LockBit attacks in the U.S. and around the world, "making at least hundreds of millions of U.S. dollars in ransom demands and receiving over $120 million in ransom payments," the DOJ said in a press release that announced the seizure of some global infrastructure belonging to the ransomware gang.
Following the seizure of a dark-web site that LockBit used to extort its many victims, Attorney General Merrick B. Garland said the DOJ "obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data."
Britain's National Crime Agency (NCA) is also cooperating with the FBI and other international partners. It has developed decryption abilities "that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant," as per the DOJ.
Europol, the European Union's law enforcement agency, said in a Tuesday statement that authorities froze "more than 200 cryptocurrency accounts" linked to LockBit, which the agency describes as "the world's most prolific and harmful ransomware" group that has caused billions of euros in damage.