The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time.

According to a new indictment by the US Department of Justice and a press release by the NCA, the LockBit ransomware operator known as ‘LockBitSupp’ has been confirmed to be a Russian national named Dmitry Yuryevich Khoroshev. The DOJ is expected to release an indictment later today with further information.

“The sanctions against Russian national Dmitry Khoroshev (pictured), the administrator and developer of the LockBit ransomware group, are being announced today by the FCDO alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs,” announced the National Crime Agency.

“Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans.”

Today’s announcements also include sanctions against the administrator and developer of LockBit, including asset freezes and travel bans. The US is also offering a $10 million reward for information leading to LockBitSupp’s arrest and/or conviction as part of the Rewards for Justice program.

“The administrator and developer of LockBit, a Russian national, is now subject to aseries of asset freezes and travel bans issued by the UK Foreign, Commonwealth and Development Office, alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs and Trade,” reads an announcement from Europol.

These sanctions will cause massive disruption for the operation as paying a ransom could potentially break sanctions, imposing government fines on companies.

In the past, similar sanctions caused some ransomware negotiators to no longer assist in ransom payments for sanctioned ransomware operations.

Law enforcement also announced that its hacking and seizure of LockBit infrastructure allowed them to gain more decryption keys than previously announced.

In February, an international law enforcement operation named Operation Chronos took down LockBit’s infrastructure, including 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, decryption keys, and the affiliate panel.

Europol now reveals that they obtained 2,500 decryption keys and are continuing to assist LockBit victims in recovering their files for free.

This is a developing story.