Cyber sanction imposed on Russian citizen for ransomware activity

Release details

Related ministers and contacts


The Hon Richard Marles MP

Deputy Prime Minister

Minister for Defence

Media contact

dpm.media@defence.gov.au

02 6277 7800


Senator the Hon Penny Wong

Leader of the Government in the Senate

Minister for Foreign Affairs


The Hon Clare O’Neil MP

Minister for Home Affairs

Minister for Cyber Security

Media contact

media@defence.gov.au

Release content

8 May 2024

Australia has imposed a targeted financial sanction and travel ban on Russian citizen Dmitry Yuryevich Khoroshev for his senior leadership role in the LockBit ransomware group.

This is the second use of Australia’s autonomous cyber sanctions framework and part of ongoing coordinated international law enforcement action.

Australia continues to experience an increase in persistent and pervasive ransomware activity by cyber criminals across Australian critical infrastructure, government, industry and community sectors.

Under Operation Cronos, the Australian Signals Directorate and Australian Federal Police worked with international partners, including the United Kingdom (UK) and United States (US), to identify Dmitry Yuryevich Khoroshev as part of LockBit’s senior leadership.

LockBit is a prolific criminal ransomware group that works to destabilise and disrupt key sectors for financial gain.

LockBit ransomware has been used against Australian, UK and US businesses, comprising 18% of total reported Australian ransomware incidents in 2022-23 and 119 reported victims in Australia.

The new sanction under the cyber sanctions framework makes it a criminal offence to provide assets to Dmitry Yuryevich Khoroshev, or to use or deal with his assets.

The framework is intended to disrupt and deter the perpetrators of malicious cyber activity, such as ransomware.

The Australian Government continues to discourage businesses and individuals from paying ransoms or extortion claims to cyber criminals and can provide help and advice.

If you are asked to pay a ransom you should:

  1. Call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) for cyber security assistance; and
  2. Report the cybercrime, incident or vulnerability to the Australian Signals Directorate at https://www.cyber.gov.au/report

Australian businesses can help protect themselves from ransomware by backing up their files and work, and ensuring staff remain vigilant to possible threats. 

More information and tips can be found at: cyber.gov.au/ransomware.

Further detail about Operation Cronos can be found on the AFP website.

Quote attributable to Deputy Prime Minister and Minister for Defence, Richard Marles:

“We continue to see governments, critical infrastructure, businesses and households in Australia targeted by malicious cyber actors.

“The Australian Signals Directorate and the Australian Federal Police have worked with international counterparts to link Dmitry Yuryevich Khoroshev to LockBit’s senior leadership.

“Cyber sanctions are a key component of the Australian Government’s work to deter cybercrime and help protect Australians by exposing the activities and identity of cyber criminals operating across jurisdictions.”

Quote attributable to Minister for Foreign Affairs, Senator the Hon Penny Wong:

“Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour, and holding accountable those who flout the rules.”

“Sanctions impose costs and consequences on individuals for their actions – we will continue to use them where and when appropriate.”

Quote attributable to Minister for Cyber Security, the Hon Clare O’Neil MP:

“Today’s announcement demonstrates the Australian Government’s ongoing commitment under the 2023-2030 Australian Cyber Security Strategy to continue to deter and respond to malicious cyber activity.

“This sanction is an important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses.

“The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows. Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can.”

 

MEDIA NOTE – an image of Dmitry Yuryevich Khoroshev is available here
