WASHINGTON — Today, the United States is designating two individuals who are affiliates of the Russia-based ransomware group LockBit. This action is the first in an ongoing collaborative effort with the U.S. Department of Justice, Federal Bureau of Investigation, and our international partners targeting LockBit.
“The United States will not tolerate attempts to extort and steal from our citizens and institutions,” said Deputy Secretary of the Treasury Wally Adeyemo. “We will continue our whole-of-government approach to defend against malicious cyber activities, and will use all available tools to hold the actors that enable these threats accountable.”
Russia continues to offer safe harbor for cybercriminals where groups such as LockBit are free to launch ransomware attacks against the United States, its allies, and partners. These ransomware attacks have targeted critical infrastructure, including hospitals, schools, and financial institutions. Notably, LockBit was responsible for the November 2023 ransomware attack against the Industrial and Commercial Bank of China’s (ICBC) U.S. broker-dealer. The United States is a global leader in the fight against cybercrime and is committed to using all available authorities and tools to defend Americans from cyber threats. In addition to the actions announced today, the U.S. government provides critical resources to support potential victims in protecting against and responding to ransomware attacks. For example, last year, the Cybersecurity & Infrastructure Security Agency in conjunction with other U.S. Departments and Agencies and foreign partners published two cybersecurity advisories, “
Understanding Ransomware Threat Actors: LockBit” and “
LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability.” These advisories detail the threats posed by this group and provide recommendations to reduce the likelihood and impact of future ransomware incidents.
This action follows other recent actions taken by the U.S. against Russian cybercriminals, including the recent trilateral designation of Alexander Ermakov, a Russian national involved in the 2022 ransomware attack against Medibank Private Limited, in coordination with Australia and the United Kingdom and last year’s bilateral
sanctions actions against the Trickbot Cybercrime Group with the United Kingdom. Russia has enabled ransomware attacks by cultivating and co-opting criminal hackers. Treasury has previously stressed that Russia must take concrete steps to prevent cyber criminals from freely operating in its jurisdiction. Today’s actions reflect the United States’ commitment to combatting cybercrime and pursuing the bad actors that target victims across the United States, its allies, and its partners.
