International law enforcement today revealed the identity of who they say is the leader of the notorious Lockbit ransomware gang.The US charged 31-year-old Russian national Dimitry Yuryevich Khoroshev for creating and operating the Lockbit group, which has targeted over 2,000 victims while extorting at least $500 million in ransom payments, according to federal officials. The Justice Department is indicating it uncovered Khoroshev’s identity after the FBI teamed up with investigators in Europe to dismantle Lockbit’s ransom site in February, which also led to the seizure of servers used by the gang’s administrators. Starting on Sunday, law enforcement teased a major announcement about the leader of the Lockbit gang, the so-called “LockbitSupp.” Though officials have made empty promises about hacker reveals in the past, it looks like they came through this time with the charges against Khoroshev. They also posted photos of him.
This Tweet is currently unavailable. It might be loading or has been removed.
The law enforcement actions could deter cybercriminals from working with Lockbit, which leases access to its ransomware attacks to affiliates. In Tuesday’s announcement, federal investigators allege that Khoroshev personally pocketed $100 million from the ransomware payments, but that in February he “allegedly communicated with law enforcement and urged them to disclose the identities of his RaaS (ransomware-as-a-service) competitors—whom Khoroshev called his ‘enemies’—in exchange for his services.”The charges against Khoroshev carry a maximum penalty of 185 years in prison. Although Russia likely won’t extradite him for prosecution, the US State Department is offering a $10 million reward for information leading to Khoroshev’s arrest. The US Treasury Department is also sanctioning Khoroshev, which bars US citizens and businesses from working with him. The UK and Australia are imposing similar measures. However, the Lockbit gang reportedly denies the allegations that Khoroshev is a senior leader. “The FBI is bluffing, I’m not Dimon, I feel sorry for the real Dimon,” the group told the malware repository site Vx-underground, using a nickname for Dimitry.
Recommended by Our Editors
As part of Tuesday’s announcement, Europol says investigators recovered over 2,500 decryption keys capable of reversing the ransomware infections from the Lockbit gang. “Europol has been exploiting the vast amount of data gathered during the investigation and the first phase of action to identify these victims, who are located all over the world,” the agency says. The Justice Department adds: “With the indictment unsealed today, a total of six LockBit members have now been charged for their participation in the LockBit conspiracy.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.