An alleged leader of international ransomware group LockBit has been hit with financial sanctions and banned from travelling to Australia.
The Australian government named Dmitry Yuryevich Khoroshev, a Russian citizen, as having a “senior leadership role” in a criminal group that supplied a global network of hackers with the tools and infrastructure to carry out online attacks.
The announcement was made overnight in co-ordination with authorities in the United Kingdom and the United States.
LockBit was behind 18% of reported Australian ransomware incidents in 2022-23 and targeted 119 people in Australia, the government said.
UK authorities said Mr Khoroshev was the person behind the alias LockBitSupp while US authorities unsealed an indictment against him alleging he “acted as the LockBit ransomware group’s developer and administrator from its inception in or around September 2019” until this month.
“Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour, and holding accountable those who flout the rules,” foreign minister Penny Wong said in a statement.
“Sanctions impose costs and consequences on individuals for their actions - we will continue to use them where and when appropriate.”
A new sanction under Australia’s cyber sanctions framework makes it a criminal offence to provide assets to Khoroshev or to use or deal with his assets.
UK authorities say more than 7000 online attacks were built using LockBit’s services between June 2022 and February 2024, with the top five countries hit being the US, UK, France, Germany and China.
Law enforcement agencies from several countries first disrupted LockBit in February, taking over the group’s darkweb site.