US and UK authorities unmask alleged LockBit mastermind

8 May 2024

Dmitry Khoroshev. Image: UK NCA

The NCA and FBI claim Dmitry Khoroshev led the notorious ransomware gang which was disrupted by an international task force earlier this year, though LockBit does not appear to be entirely out of the picture.

Authorities in the US and UK have named the alleged leader of the LockBit ransomware gang and are seeking information leading to his arrest.

The two countries claim the “administrator and developer” of this group is Russian national Dmitry Khoroshev. The UK’s National Crime Agency (NCA) said this individual went by the alias LockBitSupp and will now be subject to a series of asset freezes and travel bans.

US authorities also unsealed an indictment against Khoroshev and are offering a reward of up to $10m for information that leads to his arrest or conviction. These actions follow a massive joint operation earlier this year that disrupted the ransomware gang.

“The LockBit ransomware group represented one of the most prolific ransomware variants across the globe, causing billions of dollars in losses and wreaking havoc on critical infrastructure, including schools and hospitals,” said FBI director Christopher Wray. “The charges announced today reflect the FBI’s unyielding commitment to disrupting ransomware organisations and holding the perpetrators accountable.”

The LockBit gang provides ransomware-as-a-service to a global network of ‘affiliates’, giving criminals tools to carry out their own cyberattacks. The NCA claims that the gang’s services were responsible for more than 7,000 attacks between June 2022 and February 2024 – based on data obtained from the gang’s systems.

“Working with US and international partners, we are using all our tools to hold ransomware actors accountable – and we continue to encourage victims to report cyberattacks to the FBI when they happen,” said US deputy attorney general Lisa Monaco. “Reporting an attack could make all the difference in preventing the next one.”

The LockBit gang has remained active since the joint task force took down its data leak website earlier this year, but the NCA assesses that the gang is running at limited capacity and that its global threat has been “significantly reduced”.

Not everyone is so optimistic, however. Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, previously told SiliconRepublic.com that gangs such as LockBit are prepared for these potential risks – as evidenced by the fact that the gang was offering its services again in “less than four days”.

Dr Darren Williams, the CEO of cybersecurity company BlackFog, told SiliconRepublic.com that the issue with the broader ransomware sector is that many of these gangs are dispersed in multiple countries and “often work for multiple gangs” at the same time.

“They’re very tenacious and they’ve built their networks that way as well so that they know there’s no one weak link,” Williams said. “You take out one important piece, another one is ready to take over.”

A report from BlackFog last month claimed ransomware surged by 110pc in March and that LockBit ransomware remained a dominant variant, despite the disruption that occurred the month prior.


Leigh Mc Gowran is a journalist with Silicon Republic
