Russian Citizen Hit with Cyber Sanction for Ransomware Acts

Australia has imposed a targeted financial sanction and travel ban on Russian citizen Dmitry Yuryevich Khoroshev for his senior leadership role in the LockBit ransomware group.

This is the second use of Australia's autonomous cyber sanctions framework and part of ongoing coordinated international law enforcement action.

Australia continues to experience an increase in persistent and pervasive ransomware activity by cyber criminals across Australian critical infrastructure, government, industry and community sectors.

Under Operation Cronos, the Australian Signals Directorate and Australian Federal Police worked with international partners, including the United Kingdom (UK) and United States (US), to identify Dmitry Yuryevich Khoroshev as part of LockBit's senior leadership.

Lockbit is a prolific criminal ransomware group and works to destabilise and disrupt key sectors for financial gain.

LockBit ransomware has been used against Australian, UK and US businesses, comprising 18% of total reported Australian ransomware incidents in 2022-23 and 119 reported victims in Australia.

The new sanction under the cyber sanctions framework makes it a criminal offence to provide assets to Dmitry Yuryevich Khoroshev, or to use or deal with his assets.

The framework is intended to disrupt and deter the perpetrators of malicious cyber activity, such as ransomware.

The Australian Government continues to discourage businesses and individuals from paying ransoms or extortion claims to cyber criminals and can provide help and advice.

If you are asked to pay a ransom you should:

• Call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) for cyber security assistance; and
• Report the cybercrime, incident or vulnerability to the Australian Signals Directorate

Australian businesses can help protect themselves from ransomware by backing up their files and work, and ensuring staff remain vigilant to possible threats.