US DOJ charges LockBit ransomware mastermind, promises $10 million bounty
What's the story
The US Department of Justice (DOJ) has formally charged Dmitry Yuryevich Khoroshev, a Russian national. Khoroshev, also known by his alias "LockBitSupp," is believed to be the brains behind the infamous LockBit ransomware. The DOJ has accused him of playing a pivotal role, in transforming LockBit into one of "the most prolific and destructive ransomware group[s] in the world."
Reach
LockBit ransomware's global impact and earnings
Since its inception in September 2019, the LockBit ransomware has reportedly impacted over 2,500 entities across 120 countries. Khoroshev and his associates are alleged to have accumulated at least $500 million in ransom payments. The ransomware operates on a service model, allowing cybercriminals to purchase or lease it for use against their targets.
Major attacks
Notable attacks and Khoroshev's alleged role
The LockBit ransomware has been connected to significant attacks on the UK's Royal Mail service, a children's hospital, and the small town of St. Marys in Ontario, Canada. It is alleged that Khoroshev received 20% of each ransom payment, and managed the group's data leak site. The indictment suggests that he personally profited at least $100 million from these extorted ransom payments.
Legal action
Khoroshev's charges
Earlier this year, US and UK law enforcement agencies seized LockBit's websites and servers, obtaining keys to help companies regain access to their compromised data. Khoroshev is facing 26 charges, which include one count of conspiracy to commit fraud, and eight counts of extortion to damage a protected computer. If convicted, he could face up to 185 years behind bars. The State Department has announced a $10 million bounty for information leading to his arrest or conviction.
Ongoing threat
LockBit's continued activity and law enforcement's response
Despite law enforcement efforts, LockBit remains active. The UK's National Crime Agency reported a 70% decrease in LockBit attacks in the UK, but the group has since listed over 120 alleged victims on its active website. Global law enforcement agencies have contacted approximately 3,800 of the gang's victims, around 1,200 of whom reside in the US, offering assistance to unlock compromised computers. Investigators are now focusing on identifying individuals who collaborated with the gang.