10 Wallet Addresses Associated with LockBit Affiliates Flagged by OFAC in Ransomware Enforcement Operation

Crypto News– The Office of Foreign Assets Control (OFAC) under the Treasury Department has designated several wallet addresses associated with two individuals from Russia as specially designated nationals.

10 Wallet Addresses Associated with LockBit Affiliates Flagged by OFAC in Ransomware Enforcement Operation

Artur Sungatov and Ivan Kondratyev are facing charges related to their involvement in ransomware operations, particularly with LockBit, a notorious ransomware syndicate accused of pilfering over $120 million in ransom payments, according to the US Department of Justice.

Kondratyev was identified as a LockBit affiliate and leader of the affiliate subgroup known as the National Hazard Society, while Sungatov was actively participating in LockBit ransomware attacks alongside his affiliation. In collaboration with the UK and various international law enforcement agencies, the US has taken legal action against LockBit, seeking accountability for its illicit activities.

LockBit, a Russia-based ransomware group, emerged in 2019, gaining notoriety for its eponymous ransomware variant. It operates on a Ransomware-as-a-Service (RaaS) model, leasing its ransomware software to affiliated cybercriminals in exchange for a cut of the ransom payments. The group is infamous for employing double extortion tactics, where stolen data is exfiltrated before encrypting victims’ systems and demanding ransoms.

In 2022, LockBit ranked as the most prevalent ransomware variant globally and continues to pose a significant threat.

OFAC’s investigation linked LockBit to the ransomware attack on ICBC, which occurred on November 9, 2023. This attack disrupted ICBC’s U.S. broker-dealer operations, impacting the settlement of assets valued at over $9 billion, backed by Treasury securities. The assault resulted in a blackout of ICBC’s computer systems, leading to a loss of communication channels and hindering securities settlement.

Simultaneously, Europol reported that the UK’s National Crime Agency assumed control over the technical infrastructure supporting all aspects of LockBit’s operations, including their dark web leak site, where data stolen during ransomware attacks was previously hosted.