Global Criminal Ransomware Group LockBit Investigated by AFP, Russian Member Penalized

Article: The Australian Federal Police (AFP) continues its investigation into the global criminal ransomware group LockBit, following the imposition of financial sanctions and a travel ban on Dmitry Yuryevich Khoroshev, a Russian member of the group. The sanctions were imposed by the Australian, US, and UK governments, highlighting the serious nature of the group’s activities. This marks the second use of Australia’s thematic autonomous cyber sanctions framework, with the first being the sanction on Alexander Ermakov for his role in the cyber attack on Medibank Private.

LockBit is known for its off-the-shelf ransomware products sold to cyber criminals. The AFP’s domestic investigation, Operation Orcus Junkers, began in November 2021 and is working in conjunction with international law enforcement under Operation Cronos, led by the National Crime Agency. The investigation aims to address the 119 reported crimes involving Australian businesses and individuals targeted by LockBit, resulting in significant data exfiltration and encryption.

The AFP, along with its partners, is working closely with Australian LockBit victims and assisting overseas law enforcement to build a global case against the ransomware group. Acting Assistant Commissioner Chris Goldsmid emphasized the importance of publicly naming Khoroshev as it undermines his credibility among cyber criminals and warns potential collaborators of potential law enforcement action.

LockBit has caused billions of dollars in damages globally, including millions lost by Australian individuals and businesses. The AFP, in collaboration with international partners, has been actively dismantling the LockBit network through the sharing of information, analysis of evidence, and joint operations. In February, Operation Cronos disrupted LockBit’s critical infrastructure, seizing control of its primary platform and servers across multiple countries.

Law enforcement froze the group’s unlawful profits, including over 200 cryptocurrency accounts allegedly owned by LockBit members. The ongoing investigation into LockBit demonstrates the commitment of the AFP and its partners in combating cyber threats, particularly ransomware groups. Operation Aquila was established to prioritize investigations into cybercriminal syndicates, including LockBit and BlackCat ransomware groups.

The AFP’s efforts in investigating and disrupting LockBit highlight the importance of international collaboration and the use of advanced cyber investigative techniques. As the investigation into LockBit continues, further operational details cannot be disclosed at this time. However, this significant action against LockBit sends a strong message to cyber criminals that law enforcement agencies are actively targeting and dismantling their operations, aiming to keep individuals and businesses safe from the devastating impact of ransomware attacks.

For media inquiries, please contact AFP Media at (02) 5126 9297. Stay updated with the latest news from the AFP by following their social media pages on Facebook, Twitter, LinkedIn, Instagram, and YouTube.

Source