An alleged leader of the international ransomware group LockBit has been hit with financial sanctions and banned from travelling to Australia.
The Australian government named Dmitry Yuryevich Khoroshev, a Russian citizen, as having a “senior leadership role” in a criminal group that supplied a global network of hackers with the tools and infrastructure to carry out online attacks.
The announcement was made overnight in co-ordination with authorities in the UK and the US.
LockBit was behind 18% of reported Australian ransomware attacks in 2022-23 and targeted 119 people in Australia, the government said.
UK authorities said Khoroshev was the person behind the alias LockBitSupp while US authorities unsealed an indictment against him alleging he “acted as the LockBit ransomware group’s developer and administrator from its inception in or around September 2019” until this month.
“Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour, and holding accountable those who flout the rules,” said Australia’s foreign affairs minister, Penny Wong.
“Sanctions impose costs and consequences on individuals for their actions – we will continue to use them where and when appropriate.”
A new sanction under Australia’s cyber sanctions framework makes it a criminal offence to provide assets to Khoroshev or to use or deal with his assets.
after newsletter promotion
UK authorities say more than 7,000 online attacks had been built using LockBit’s services between June 2022 and February 2024, with the top five countries hit being the US, the UK, France, Germany and China.
Law enforcement agencies from several countries first disrupted LockBit in February, taking over the group’s darkweb site.