LockBit Ransomware Leader Unveiled: Dmitry Khoroshev, a Russian Hacker

The U.K. National Crime Agency (NCA) has unmasked the leader and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.

Additionally, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCDO), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. Europol, in a press statement, said authorities hold around 2,500 decryption keys and are continuing to contact LockBit victims to offer support.

Khoroshev, who went by the monikers LockBitSupp and putinkrab, has also become the subject of asset freezes and travel bans, with the U.S. Department of State offering a reward of up to $10 million for information leading to his arrest and/or conviction.

Earlier, the agency had announced reward offers of up to $15 million for information leading to the identity and location of key leaders of the LockBit ransomware variant group, as well as information leading to the arrests and/or convictions of the group's members.

Concurrently, an indictment unsealed by the Department of Justice (DoJ) has charged Khoroshev on 26 counts, including one count of conspiracy to commit fraud, extortion, and related activity in connection with computers; one count of conspiracy to commit wire fraud; eight counts of intentional damage to a protected computer; eight counts of extortion in relation to personal data from a protected computer; and eight counts of extortion in relation to damage to a protected computer.

In all, the charges carry a maximum penalty of 185 years in prison. Each of the charges further carries a monetary penalty that is the greatest of $250,000, monetary gain to the offender, or financial harm to the victim. With the latest indictment, a total of six members affiliated with the LockBit conspiracy have been charged, including Mikhail Vasiliev, Mikhail Matveev, Ruslan Magomedovich Astamirov, Artur Sungatov, and Ivan Gennadievich Kondratiev.

"Today's statement puts another massive nail in the LockBit coffin and our research into them persists," NCA Director General Graeme Biggar said. "We are also now targeting fellows who have utilized LockBit benefits to impose devastating ransomware attacks on schools, hospitals, and significant organizations around the globe."

LockBit, which was one of the most prolific ransomware-as-a-service (RaaS) groups, was dismantled as part of a coordinated operation dubbed Cronos earlier this February. It's estimated to have targeted over 2,500 victims worldwide and obtained more than $500 million in ransom payments. "LockBit ransomware has been used against Australian, U.K., and U.S. firms, including 18% of entire registered Australian ransomware happenings in 2022-23 and 119 reported targets in Australia," Penny Wong, Minister for Foreign Affairs of Australia, said.

Under the RaaS business model, LockBit licenses its ransomware software to affiliates in exchange for an 80% cut of the paid ransoms. The e-crime group is also known for its double extortion tactics, where sensitive data is exfiltrated from victim networks before encrypting the computer systems and demanding ransom payments. Khoroshev, who started LockBit around September 2019, is believed to have earned at least $100 million in disbursements as part of the scheme over the past four years.

In an interesting twist, the indictment has also accused Khoroshev and his co-conspirators of deploying LockBit against numerous Russian victims, noting the defendant requested identification documents from his affiliates and even got in contact with law enforcement after the takedown over information about the identity of his RaaS competitors.

"The real effect of LockBit's crime was hitherto unrecognized, but data received from their systems revealed that between June 2022 and February 2024, more than 7,000 attacks were created utilizing their benefits," the NCA said. "The top five nations hit were the U.S., U.K., France, Germany and China."

LockBit's attempts to resurface after the law enforcement action have been unsuccessful at best, prompting it to publish old and fake victims on its latest data leak site.

"LockBit has developed a further leak site on which they have increased alleged action by broadcasting sufferers targeted before the NCA taking possession of its benefits in February, as well as accepting praise for aggression perpetrated utilizing different ransomware strains," the agency reported. "The group has tried to overhaul over the previous two months, yet [...] they are presently operating at restricted ability and the international danger from LockBit has extremely relieved."

The RaaS scheme is estimated to have encompassed 194 affiliates until February 24, out of which 148 built attacks and 119 engaged in ransom negotiations with victims. "Of the 119 who started negotiations, there are 39 who seem not to have ever obtained a ransom charge," the NCA noted. "Seventy-five did not engage in any negotiation, so also seem not to have accepted any ransom costs."

The number of active LockBit affiliates has since decreased to 69, the NCA said, adding that LockBit did not routinely delete stolen data once a ransom was paid and that it found multiple instances where the decryptor supplied to victims failed to work as expected.

"As a core LockBit group chief and developer of the LockBit ransomware, Khoroshev has acted in a combination of operational and administrative roles for the cybercrime group and has helped financially from the LockBit ransomware attacks," the U.S. Treasury Department stated.

"Khoroshev has promoted the upgrading of the LockBit infrastructure, drafted new designers for the ransomware, and operated LockBit affiliates. He is also liable for LockBit's actions to resume operations after their trouble by the U.S. and its partners before this year."
