The identity of the leader of one of the most notorious ransomware groups in history has finally been revealed.
On Tuesday, a coalition of law enforcement agencies led by the UK's National Crime Agency confirmed that Russian national Dmitry Yuryevich Khoroshev, 31, is the administrator and developer of LockBit ransomware and the person behind the nickname “LockBitSupp”. The U.S. Department of Justice also announced that it had indicted Khoroshev on charges of computer crimes, fraud and extortion.
“Today, we are going a step further to ensure that we prosecute the individuals who allegedly developed and managed this malicious cyber scheme, which targeted more than 2,000 victims and stole more than $100 million in ransomware payments,” Attorney General Merrick B. Garland said in the announcement.
According to the Justice Department, Mr. Khoroshev is from the Russian city of Voronezh, about 300 miles south of Moscow.
“Dmitry Khoroshev invented, developed and managed LockBit, the world’s most prolific ransomware variant and group, allowing himself and his affiliates to wreak havoc and inflict billions of dollars in damages on thousands of victims around the world,” said U.S. Attorney Philip R. Sellinger of the District of New Jersey, where Khoroshev was indicted.
A coalition of law enforcement agencies announced LockBitSupp's true identity in a press release and on LockBit's original dark web site, which authorities seized earlier this year. On the site, the U.S. State Department announced a $10 million reward for information that could help authorities arrest and convict Khoroshev.
The US government also announced sanctions against Khoroshev, effectively banning victims from doing business with him, including paying ransoms. Sanctioning those behind ransomware will make it more difficult for them to profit from cyberattacks. Violating sanctions, such as paying money to sanctioned hackers, can result in hefty fines and prosecution.
LockBit has been active since 2020, and the group's ransomware variants were the “most deployed” in 2022, according to US cybersecurity agency CISA.
Europol, which participated in the law enforcement operation, said in a statement that authorities now have more than 2,500 decryption keys that can help victims unlock data previously encrypted by the gang.
The NCA published an infographic on the seized LockBit site, which included statistics on LockBit's activities. According to the data, the group has targeted more than 100 hospitals, medical companies, and facilities, including children's hospitals. In the children's hospital case, LockBit said the attack was a mistake and that it would block the “partner” who carried out the attack and provide a decryption key to unlock the files. However, according to the NCA, “that was a lie” because the partner remained active and the decryption key “did not function properly”.
The NCA asked Khoroshev to contact the agency if he disagreed with the findings. “Can I do it in person?” the NCA said.
On Sunday, a coalition of law enforcement agencies revived LockBit's seized dark web site and published a list of posts teasing the latest revelations. In February, authorities announced they had taken control of the LockBit site and replaced the hackers' posts with their own. The posts included press releases and other information related to what the coalition calls “Operation Cronos.”
Shortly after, LockBit appeared to be back with a new site and a new list of alleged victims, which was being updated as of Monday, according to a security researcher who tracks the group.
LockBit's leader, known as LockBitSupp, has been vocal in public for weeks, trying to dismiss law enforcement efforts and show that LockBit is still active and targeting victims. In March, LockBitSupp claimed in an interview with news outlet The Record that Operation Cronos and the actions of law enforcement “have not had any impact on our business.”
“I see this as further publicity and an opportunity to show everyone the strength of my character. You can't be intimidated. What doesn't kill you makes you stronger,” LockBitSupp told The Record.