US and UK Authorities Unveil Russian Mastermind Behind LockBit Ransomware Empire

Law enforcement agencies in the United States and the United Kingdom have successfully identified and brought charges against the Russian leader of the notorious LockBit ransomware gang.

After extensive investigation, a collaborative effort led by the U.K.’s National Crime Agency unveiled the true identity of LockBitSupp: Dmitry Yuryevich Khoroshev, a 31-year-old Russian national. Khoroshev is revealed to be both the administrator and developer behind the malicious LockBit ransomware. The U.S. Department of Justice has also indicted Khoroshev, accusing him of various computer crimes, fraud, and extortion.

Attorney General Merrick B. Garland emphasized the significance of this development, highlighting that Khoroshev’s cyber scheme has victimized over 2,000 targets, resulting in the theft of more than $100 million in ransom payments.

According to the Department of Justice, Khoroshev hails from Voronezh, a Russian city located approximately 300 miles south of Moscow.

U.S. Attorney Philip R. Sellinger for the District of New Jersey, where Khoroshev was indicted, described Khoroshev as the mastermind behind LockBit, responsible for causing extensive damage worldwide and accumulating billions of dollars in losses for numerous victims.

Law enforcement agencies, in their press releases and through the seized dark web platform belonging to LockBit, have also publicized a reward of $10 million for information leading to Khoroshev’s arrest and conviction.

Furthermore, the U.S. government has imposed sanctions on Khoroshev, effectively prohibiting any transactions involving him, including ransom payments. This measure aims to hinder the profitability of ransomware activities, with severe penalties for violations.

LockBit, which has been operational since 2020, gained notoriety for its widespread use, becoming the most deployed ransomware variant in 2022 according to the U.S. cybersecurity agency CISA.

As part of the law enforcement operation, Europol announced the possession of over 2,500 decryption keys, offering potential relief to victims by enabling them to unlock encrypted data previously held captive by the gang.

The National Crime Agency highlighted LockBit’s targeting of critical institutions such as hospitals, healthcare facilities, and even a children’s hospital. Although the gang promised to rectify such mistakes, including by providing decryption keys, investigations revealed these assurances to be false, further underscoring the malicious nature of the gang’s activities.

The NCA extended an invitation to Khoroshev to challenge their findings, suggesting a direct engagement to address any discrepancies.

In response to the law enforcement crackdown, LockBit attempted to assert its resilience by reappearing with a new website and a fresh list of alleged victims. Despite claims of unaffected operations, the actions of law enforcement continue to disrupt and expose the criminal activities of LockBit and its leader.

By: Nestor Castillo, ForAllTechNews Director

