First published: 08 May 2024
Last updated: 08 May 2024

This is the second use of Australia’s autonomous cyber sanctions framework and part of an ongoing coordinated international law enforcement action. The first sanction was imposed in January 2024 on Aleksandr Ermakov, a Russian national who was involved in the 2022 compromise of Medibank and the theft of almost 10 million health insurance records of Australians.

The Australian Signals Directorate (ASD) and Australian Federal Police (AFP) worked with international partners, including the United Kingdom (UK) and United States (US), to identify Dmitry Yuryevich Khoroshev as part of LockBit’s senior leadership.

Lockbit is a prolific criminal ransomware group and works to destabilise and disrupt key sectors for financial gain.

The new sanction under the cyber sanctions framework makes it a criminal offence to provide assets to Dmitry Yuryevich Khoroshev, or to use or deal with his assets.

Off the back of the cyber sanctions, the Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) has published the LockBit Advisory which contains current advice to defend against LockBit actors.

All cybercrime and cyber security incidents should be reported to ASD’s ACSC. ASD’s ACSC can provide advice to help address incidents.

Reporting helps ASD to understand the threat out there, and informs defensive advice and operational decisions to make Australia more cyber secure.

For compliance with Australia’s cyber sanctions, see the Department of Foreign Affairs and Trade’s cyber sanctions guidance.

For more information, read the media release from https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanction-imposed-russian-citizen-ransomware-activity

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it