The United States, Britain and Australia unveiled sanctions Tuesday against the leader of the Russian ransomware outfit LockBit, which they accuse of extorting billions of dollars from thousands of victims.
The measures announced Tuesday are the latest in a long-running legal and technological battle against LockBit by law enforcement agencies around the world aimed at disrupting its activities.
The US Treasury Department said it was designating Dmitry Khoroshev for developing and distributing the software, which has been used against a number of American targets — including a hospital in Chicago.
“Today’s action sends a clear message that the United States and its partners around the world are committed to dismantling the ransomware ecosystem,” Brian Nelson, the Treasury’s under secretary for terrorism and financial intelligence, said in a statement.
Alongside the Treasury, the US State Department announced rewards of up to $15 million for information about the company.
The UK government also said it had also sanctioned Khoroshev, in conjunction with the United States and Australia.
The group was responsible for a quarter of all ransomware attacks worldwide last year, and has extorted “over $1 billion from thousands of victims globally,” the UK government said in a statement.
“LockBit orchestrated a malicious online campaign, illegally stealing and using sensitive data to extract billions of dollars from business and individuals,” it said, adding that more than 200 British businesses had been targeted.
Concurrently, the US Department of Justice unsealed charges Tuesday against Khoroshev, 31, for his role running LockBit.
Khoroshev, a Russian national, was indicted on 26 counts by a grand jury in New Jersey, the DOJ said in a statement.
“Earlier this year, the Justice Department and our UK law enforcement partners disrupted LockBit,” US Attorney General Merrick Garland said. “Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme.”
Europol, the European Union’s law enforcement agency, said the sanctions announced Tuesday were part of a concerted global campaign to “severely damage the capability and credibility of the LockBit ransomware group.”
“The true impact of LockBit’s criminality was previously unknown, but data obtained from their systems showed that more than 7,000 attacks were built using their services between June 2022 and February 2024,” it said in a statement.
The top five countries hit by LockBit were the United States, Britain, France, Germany and China, it added.