Recently, authorities in the U.S. and U.K. named 31-year-old Russian national Dmitry Yuryevich Khoroshev, known as “LockBitSupp,” as the leading figure behind LockBit, a notorious ransomware operation with a global impact.
Upon disclosing the identity of Khoroshev, officials released photos and specifics concerning his criminal activities. The U.S. Department of Justice has accused him of various cybercrimes, including fraud and coercion. This disclosure also shed light on LockBit’s historical actions.
Significant information about LockBit emerged earlier this year when their systems were commandeered by law enforcement, exposing the inner workings of the organization.
More details have since been unveiled about what officials describe as “a massive criminal organization that at one point was considered the most prolific and destructive ransomware group globally.”
Here’s a look into what the Khoroshev indictment taught us.
Aliases of Khoroshev: putinkrab and LockBitSupp
While Khoroshev was widely recognized by the alias LockBitSupp, he also operated under another persona: putinkrab. The indictment does not delve into this secondary moniker, but it seems to nod to Russian President Vladimir Putin. Although several online profiles on platforms like Flickr, YouTube, and Reddit use this name, their connection to Khoroshev is unclear.
LockBit Operated Within Russia’s Borders
Conventional wisdom holds that Russian cybercriminals avoid targeting their homeland to stay off the radar of local law enforcement. Yet Khoroshev and his associates reportedly targeted Russian entities too, challenging this notion and raising questions about potential repercussions from Russian law enforcement.
Supervision Over LockBit’s Affiliates by Khoroshev
LockBit functioned on a ransomware-as-a-service model: Khoroshev oversaw the creation and management of the software and infrastructure, while affiliates carried out the attacks and ransom demands, handing over approximately 20% of their income to Khoroshev. He kept a tight grip on operations, monitoring affiliates' activities and even taking part in negotiations.
Khoroshev also required affiliates to present identification documents, which were stored on his systems. This likely aided authorities in identifying other members of the LockBit network. Furthermore, Khoroshev created “StealBit,” a tool to assist in storing stolen data on his servers and potentially leaking it on LockBit’s dark web portal.
Financial Impact of LockBit’s Ransomware: $500 Million
Since its inception in 2020, LockBit’s ransomware has amassed roughly $500 million from some 2,500 victims, ranging from large multinational firms to small enterprises and private individuals, and affecting critical sectors such as healthcare, education, and government.
The collateral financial damages worldwide extend into the billions, accounting for the operational disruptions and recovery costs incurred by the victims.
Collaboration between Khoroshev and Law Enforcement
In a surprising turn of events, after global law enforcement dismantled LockBit’s infrastructure, Khoroshev reached out to the authorities, offering his help in return for the identities of competitors within the ransomware-as-a-service arena.
Khoroshev reportedly demanded that officials “give [him] the names of [his] enemies.”
FAQs: The LockBit Ransomware Syndicate and Dmitry Khoroshev
- What is LockBit?
LockBit is a ransomware-as-a-service operation responsible for cyberattacks that encrypt a victim’s files, demanding a ransom in exchange for the decryption key.
- Who is Dmitry Khoroshev?
Dmitry Yuryevich Khoroshev, aka LockBitSupp or putinkrab, is the Russian individual identified by authorities as the ringleader of the LockBit ransomware group.
- What are the accusations against Khoroshev?
The U.S. Department of Justice charges include several computer crimes, fraud, and extortion linked to the operations of the LockBit ransomware.
- Has LockBit targeted Russian victims?
Yes, despite common practice among Russian cybercriminals to avoid targeting local entities, LockBit has reportedly deployed ransomware against multiple Russian victims.
- What might happen to Khoroshev now?
The legal outcomes for Khoroshev will depend on various factors, including possible extradition procedures, trial outcomes, and international law enforcement cooperation.
Conclusion
The indictment of Dmitry Khoroshev casts a stark light on the underpinnings of today’s ransomware threats. LockBit, under his alleged leadership, has inflicted substantial economic harm across international borders. The proactive steps taken by law enforcement agencies highlight the ongoing efforts to dismantle such cybercrime operations and hold perpetrators accountable. This case serves as a critical reminder of the evolving nature of cyber threats and the necessity for robust cyber defenses and international collaboration in cybercrime prevention.