Australia has imposed a targeted financial sanction and travel ban on Russian citizen Dmitry Yuryevich Khoroshev for his senior leadership role in the LockBit ransomware group.
This is the second use of Australia’s autonomous cyber sanctions framework and part of ongoing coordinated international law enforcement action.
Australia continues to experience an increase in persistent and pervasive ransomware activity by cyber criminals across Australian critical infrastructure, government, industry and community sectors.
Under Operation Cronos, the Australian Signals Directorate and Australian Federal Police worked with international partners, including the United Kingdom (UK) and United States (US), to identify Dmitry Yuryevich Khoroshev as part of LockBit’s senior leadership.
Lockbit is a prolific criminal ransomware group and works to destabilise and disrupt key sectors for financial gain.
LockBit ransomware has been used against Australian, UK and US businesses, comprising 18% of total reported Australian ransomware incidents in 2022-23 and 119 reported victims in Australia.
The new sanction under the cyber sanctions framework makes it a criminal offence to provide assets to Dmitry Yuryevich Khoroshev, or to use or deal with his assets.
The framework is intended to disrupt and deter the perpetrators of malicious cyber activity, such as ransomware.
The Australian Government continues to discourage businesses and individuals from paying ransoms or extortion claims to cyber criminals and can provide help and advice.
If you are asked to pay a ransom you should:
- Call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) for cyber security assistance; and
- Report the cybercrime, incident or vulnerability to the Australian Signals Directorate
Australian businesses can help protect themselves from ransomware by backing up their files and work, and ensuring staff remain vigilant to possible threats.
More information and tips can be found at Ransomware | Cyber.gov.au
Further detail about Operation Cronos can be found on the AFP website.
Deputy Prime Minister and Minister for Defence, Richard Marles:
“We continue to see governments, critical infrastructure, businesses and households in Australia targeted by malicious cyber actors.
The Australian Signals Directorate and the Australian Federal Police have worked with international counterparts to link Dmitry Yuryevich Khoroshev to LockBit’s senior leadership.
“Cyber sanctions are a key component of the Australian Government’s work to deter cybercrime and help protect Australians by exposing the activities and identity of cyber criminals operating across jurisdictions.”
Minister for Foreign Affairs, Senator the Hon Penny Wong:
“Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour, and holding accountable those who flout the rules.”
“Sanctions impose costs and consequences on individuals for their actions – we will continue to use them where and when appropriate.”
Minister for Cyber Security, the Hon Clare O’Neil MP:
“Today’s announcement demonstrates the Australian Government’s ongoing commitment under the 2023-2030 Australian Cyber Security Strategy to continue to deter and respond to malicious cyber activity.
“This sanction is an important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses.
“The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows. Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can.”