US, UK police identify and charge Russian leader of LockBit ransomware gang | TechCrunch

The identity of the leader of one of the most notorious ransomware groups in history has finally been revealed.

On Tuesday, a coalition of law enforcement led by the UK’s National Crime Agency announced That Russian citizen, 31-year-old Dmitry Yuryevich Khoroshev, is the person behind the LockBitSupp alias, the administrator and developer of the LockBit ransomware. US Justice Department also Indictment announced Khoroshev was accused of computer crimes, fraud and extortion.

Attorney General Merrick B. Garland was quoted as saying, “Today we are going one step further, charging the individual we accused of developing and operating this malicious cyber scheme that targeted more than 2,000 victims and stole over $100 million in ransomware payments.” In the announcement.

According to the DOJ, Khoroshev is from Voronezh, a city in Russia about 300 miles south of Moscow.

U.S. Attorney Philip said, “Dmitry Khoroshev conceived, developed, and administered LockBit, the world’s most prolific ransomware variant and group, allowing himself and his associates to wreak havoc and cause billions of dollars in damages to thousands of victims worldwide. Be able to deliver.” R. for the District of New Jersey. Selinger, where Khoroshev was convicted.

The law enforcement coalition announced the identity of LockBitSupp in press releases as well as on LockBit’s original dark web site, which Authorities seized it earlier this year, On the site, the US State Department announced a $10 million reward for information that could help authorities arrest and convict Khoroshev.

American government also Sanctions announced Against Khoroshev, which effectively bars anyone from dealing with him, such as paying ransom to victims. Banning the people behind ransomware makes it more difficult So that they can benefit from cyber attacks. Violating the restrictions, including making payments to sanctioned hackers, can result in heavy fines and prosecution.

Lockbit has been active since 2020, and, According to the US cyber security agency CISAThe group’s ransomware variant was the “most deployed” in 2022.

On Sunday, the law enforcement coalition was restored lockbit’s dark web site has been seized Publish a list of posts that were intended to tease the latest revelations, in February, Authorities announced that they have taken control of Lockbit’s site and had replaced the hackers’ posts with their own posts, which included a press release and other information related to “Operation Chronos” by the coalition.

After some time, Lockbit appears to be making a comeback With a new site and a new list of alleged victims, which was being updated starting Monday, According to a security researcher Who tracks the group.

For weeks, the leaders of Lockbit, known as Lockbitsupp, had been vocal and public in an effort to discredit the law enforcement operation, and to show that Lockbit was still active and targeting victims. In March, LockBitSupp Gave an interview to news outlet The Record In which he claimed that Operation Chronos and the actions of law enforcement “do not affect the business in any way.”

“I take this as additional advertising and an opportunity to show everyone my strength of character. I can’t be intimidated. What doesn’t kill you makes you stronger,” LockBitSupp told The Record.