Britain, US and Australia sanction and unmask Russian leader of cybercrime gang LockBit
Dmitry Khoroshev faces asset freezes and travel bans after being identified as one of the primary figures of the group that has extorted more than $1bn
07 May 2024 - 18:23
byJames Pearson and Sachin Ravikumar
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
A screenshot taken on February 19 shows a take-down notice that a group of global intelligence agencies issued to a dark website, Lockbit. Picture: REUTERS/SUPPLIED
London — Britain, the US and Australia have sanctioned and unmasked a senior Russian leader of the notorious cybercrime gang LockBit, the British government said on Tuesday.
Dmitry Khoroshev will face asset freezes and travel bans after being identified as one of the leaders of LockBit, the ransomware group that has digitally extorted more than $1bn from victims worldwide, it said.
“These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong,” said Graeme Biggar, director-general of Britain’s National Crime Agency (NCA).
LockBit was first disrupted by the NCA, US department of justice, FBI and Europol in February, in an unprecedented campaign in which the gang’s darkweb site was hijacked by police and used to leak internal information about the group and the people behind it.
“In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cybercriminal activity emanating from Russia,” Britain’s sanctions minister Anne-Marie Trevelyan said.
Ransomware is malicious software that encrypts data; Lockbit and its affiliates make money by coercing its targets into paying ransom to decrypt or unlock that data with a digital key. The gang’s digital extortion tools have been used against some of the world’s largest organisations.
Its affiliates are like-minded criminal groups that Lockbit recruits to wage attacks using those tools. Those affiliates carry out the attacks, and provide Lockbit a cut of the ransom, which is usually demanded in the form of cryptocurrency, making it harder to trace.
In February, the US announced it had charged two Russian nationals with deploying Lockbit ransomware against companies and groups worldwide. Both men were also sanctioned by the US Treasury.
Before it was seized by law enforcement, Lockbit’s website displayed an ever-growing gallery of victim organisations that was updated nearly daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organisation to provide ransom payment.
On Tuesday, international police agencies once again turned that platform against the gang itself to unmask Khoroshev and published a wanted poster promising a $10m award for information that would lead to Khoroshev’s arrest.
According to a 26-count US indictment unsealed on Tuesday, Khoroshev received at least $100m in bitcoin payments from LockBit’s activity. Reuters was unable to find contact information for Khoroshev or his lawyer.
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Britain, US and Australia sanction and unmask Russian leader of cybercrime gang LockBit
Dmitry Khoroshev faces asset freezes and travel bans after being identified as one of the primary figures of the group that has extorted more than $1bn
London — Britain, the US and Australia have sanctioned and unmasked a senior Russian leader of the notorious cybercrime gang LockBit, the British government said on Tuesday.
Dmitry Khoroshev will face asset freezes and travel bans after being identified as one of the leaders of LockBit, the ransomware group that has digitally extorted more than $1bn from victims worldwide, it said.
“These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong,” said Graeme Biggar, director-general of Britain’s National Crime Agency (NCA).
LockBit was first disrupted by the NCA, US department of justice, FBI and Europol in February, in an unprecedented campaign in which the gang’s darkweb site was hijacked by police and used to leak internal information about the group and the people behind it.
“In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cybercriminal activity emanating from Russia,” Britain’s sanctions minister Anne-Marie Trevelyan said.
Ransomware is malicious software that encrypts data; Lockbit and its affiliates make money by coercing its targets into paying ransom to decrypt or unlock that data with a digital key. The gang’s digital extortion tools have been used against some of the world’s largest organisations.
Its affiliates are like-minded criminal groups that Lockbit recruits to wage attacks using those tools. Those affiliates carry out the attacks, and provide Lockbit a cut of the ransom, which is usually demanded in the form of cryptocurrency, making it harder to trace.
In February, the US announced it had charged two Russian nationals with deploying Lockbit ransomware against companies and groups worldwide. Both men were also sanctioned by the US Treasury.
Before it was seized by law enforcement, Lockbit’s website displayed an ever-growing gallery of victim organisations that was updated nearly daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organisation to provide ransom payment.
On Tuesday, international police agencies once again turned that platform against the gang itself to unmask Khoroshev and published a wanted poster promising a $10m award for information that would lead to Khoroshev’s arrest.
According to a 26-count US indictment unsealed on Tuesday, Khoroshev received at least $100m in bitcoin payments from LockBit’s activity. Reuters was unable to find contact information for Khoroshev or his lawyer.
Reuters
Itac data breach has industry fuming
MTN chair Mcebisi Jonas again impersonated online
KATE THOMPSON DAVY: Flames of cyberattacks in SA hottest in Africa
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Most Read
Related Articles
KATE THOMPSON DAVY: Flames of cyberattacks in SA hottest in Africa
Global coalition disrupts Lockbit ransomware gang
Hackers disrupt China’s biggest bank
Published by Arena Holdings and distributed with the Financial Mail on the last Thursday of every month except December and January.