“OFAC’s regulations generally prohibit all dealings by US persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of blocked persons. In addition, persons that engage in certain transactions with the individual designated today may themselves be exposed to designation.”
Sanctions may affect ability of victims to pay ransoms
The effect of these sanctions might also impact the ability of victims to make ransom payments to LockBit, and by extension Khoroshev, which has attempted to keep the ransomware operation going after the disruption in February. That said, authorities obtained over 2,500 decryption keys that are being distributed to ransomware victims through the NoMoreRansom Project.
LockBit has been the top ransomware by number of attacks for the past several years. According to the NCA, data recovered by authorities from the seized servers show that between June 2022 and February 2024, LockBit ransomware was used in over 7,000 attacks which resulted in 2,110 victims engaging in some level of negotiation with the gang and its affiliates. The service had 194 affiliates of which 119 negotiated with victims. It’s estimated that victims paid over $120 million.