LockBit mastermind faces 185 years as global authorities crack down
The United States Department of Justice has charged Dmitry Yuryevich Khoroshev with creating and operating LockBit ransomware, which has been described as one of the "most productive and destructive" digital extortion tools in the world.
14 May 2024 20:22
The Verge reports that Khoroshev has significantly impacted LockBit's operations since the group appeared in September 2019. In just a few years, it has claimed over 2,500 victims in at least 120 countries, bringing the group, led by Khoroshev, revenues of at least £400 million from ransoms.
How did LockBit work?
LockBit operated on the principle of "ransomware as a service," allowing cybercriminals to rent software to attack victims. Several high-profile attacks have been attributed to the group's software, including those on the UK mail, a children's hospital, and the small Canadian town of St. Marys in Ontario. As The Verge reports, in February of this year, U.S. and UK services seized the websites and servers used by LockBit, obtaining keys that could help organisations regain access to their data. Alongside Khoroshev, Arthur Sungatov and Ivan Kondratyev were also charged with using LockBit against victims in the USA.
What consequences does Khoroshev face?
Khoroshev, who took 20% of every ransom and managed the data leak site, is now charged with 26 offences, including conspiracy to commit fraud and eight counts of extortion involving the destruction of legally protected computers. In total, he faces up to 185 years in prison. The United States Department of Justice has also offered a reward of £8 million for information that helps capture him. The U.S. Attorney for the District of New Jersey, Philip R. Sellinger, emphasised that this is an important moment in the investigation against LockBit members, including Khoroshev, which has disrupted the group's activities and led to the indictment of two of its members.
Was LockBit dismantled?
Despite significant law enforcement actions, the LockBit ransomware group continues to operate. Recent coordinated actions by the FBI and Europol aimed to dismantle the group's infrastructure and disrupt its operations. These included seizing servers, intercepting key infrastructure components, and transforming the group's data leak site into a law enforcement press portal. All these actions seriously disrupted LockBit's functioning.
The group's online infrastructure, including servers in the United States, was eliminated during the operation. At the same time, ransomware victims were provided with decryption keys, allowing the recovery of encrypted data without paying a ransom. Unfortunately, despite these efforts, some dark web sites used by the group remain active, and the damage caused by previous attacks is irreversible.
Source: The Verge