Russian ransomware gang SugarLocker — which was reported by Group-IB spinoff F.A.C.C.T. to have emerged in 2021 as a ransomware-as-a-service operation — had three of its members apprehended by Russian law enforcement authorities last week, according to The Record, a news site by cybersecurity firm Recorded Future.
Indictments related to malicious computer program development, utilization, and distribution have been filed against the members, who are under the aliases JimJones, blade_runner, and Gustave Dore, who could be imprisoned for up to four years if found guilty.
Gustave Dore has been known to be a pseudonym of Aleksandr Ermakov, who faced U.S., UK, and Australian sanctions for compromising Medibank, the largest health insurance provider in Australia, in October 2022.
Ermakov was noted by an expert close to the matter to be associated with SugarLocker even though such a correlation has not been confirmed by F.A.C.C.T. Such a disclosure on the SugarLocker crackdown comes amid the international law enforcement takedown of the LockBit ransomware operation, with Recorded Future Product Management Director Dmitry Smilyanets noting that the announcement may have been timed to show Russia's efforts to curb ransomware.
