Connect with us

Cyber Crime

Dmitry Khoroshev Unmasked: The Brain Behind LockBit’s Billion-Dollar Cyber Extortion

– Dmitry Khoroshev, leader of LockBit ransomware, faces charges in a global crackdown.
– Over 2,500 victims worldwide, with damages exceeding $500 million, spotlight the extensive cybercrime impact.



Dmitry Khoroshev Unmasked: The Brain Behind LockBit's Billion-Dollar Cyber Extortion

In a landmark international operation led by the National Crime Agency (NCA), Dmitry Khoroshev, a key figure in the infamous LockBit ransomware group, has been sanctioned by the UK, the US, and Australia.

Known within the cyber underworld as LockBitSupp, Khoroshev has long thrived on his anonymity, even promising a $10 million bounty for anyone who could expose his identity. Today, that anonymity ends as the UK’s Foreign, Commonwealth & Development Office, the US Department of the Treasury’s Office of Foreign Assets Control, and the Australian Department of Foreign Affairs have imposed asset freezes and travel bans on him.

US authorities have unsealed an indictment against Khoroshev and are offering up to $10 million for information leading to his arrest or conviction. This move is part of Operation Cronos, an extensive international effort involving the NCA, FBI, and other global partners aimed at dismantling the LockBit network, which has been responsible for over 7,000 attacks across various nations between June 2022 and February 2024.

ALSO READ: Join the Movement: Future Crime Research Foundation Launches State Chapters to Build a Cyber-Safe India


LockBit, known for its ransomware-as-a-service (RaaS) model, provided tools and infrastructure to a worldwide network of hackers. This February, the NCA successfully infiltrated and seized control of LockBit’s services, including their dark web leak site, significantly disrupting their operations. The data harvested from LockBit’s systems revealed their broad impact, with the US, UK, France, Germany, and China being the most affected nations.

Over 100 hospitals and healthcare facilities have been targets of CronosAttacks, and at least 2,110 victims have been forced into negotiations with these cybercriminals. Despite attempts to regenerate, LockBit is now operating at a reduced capacity, and the global threat they pose has diminished markedly.

Operation Cronos has provided deep insights into LockBit’s operational network, uncovering the identities of 194 affiliates who utilized LockBit’s ransomware services up to February 2024. This included affiliates who built attacks, engaged in negotiations, and in many instances, failed to receive any ransom payments despite their criminal efforts.

Among the nefarious activities, an attack on a children’s hospital in December 2022 was notably addressed by LockBitSupp with an apology and the provision of a free decryptor, declaring the responsible affiliate as having violated their rules. Despite this, the affiliate continued to operate under LockBit, engaging in numerous attacks thereafter.

Graeme Biggar, Director General of the NCA, stated, “These sanctions are hugely significant and demonstrate that cybercriminals like Dmitry Khoroshev cannot hide from justice. Our ongoing efforts have substantially weakened LockBit’s influence and operations.” Sanctions Minister Anne-Marie Trevelyan added, “Our actions against LockBit leaders reflect our commitment to combating cyber threats and the destabilizing activities emanating from Russia.”

The NCA and its partners now possess over 2,500 decryption keys and continue to reach out to nearly 240 LockBit victims in the UK, offering crucial support. Public cooperation remains vital in combating ransomware, with UK residents encouraged to report incidents through the Government’s Cyber Incident Signposting Site.

Operation Cronos continues to be a collaborative effort involving law enforcement units from multiple countries, all committed to neutralizing the global threat posed by ransomware groups like LockBit.

ALSO READ: Join Future Crime Research Foundation’s Webinar on ‘AML (Money Laundering), CFT (Terror Financing) & Regulatory Compliances’.

LockBit Leader Unmasked and Charged: Key Points

  • Dmitry Khoroshev, the mastermind behind the LockBit ransomware group, has been identified and indicted.
  • LockBit was a highly destructive ransomware variant responsible for attacks on over 2,500 victims globally, including hospitals, businesses, and government agencies.
  • Khoroshev allegedly designed LockBit as a RaaS (Ransomware-as-a-Service), providing tools and infrastructure to other criminals who launched the attacks.
  • Victims included individuals, small businesses, critical infrastructure, and even a children’s hospital. LockBit raked in over $500 million in ransom payments.
  • Khoroshev allegedly kept 20% of each ransom payment, while attackers received the remaining 80%. He personally profited at least $100 million.
  • Law enforcement seized LockBit infrastructure, revealing Khoroshev lied to victims about deleting stolen data even after ransom payments.
  • Khoroshev faces up to 185 years in prison on various charges related to fraud, extortion, and computer hacking.
  • This takedown is part of a larger investigation that has now charged six LockBit members in total.

Follow on

 TelegramFacebookTwitterLinkedInInstagram and YouTube

Continue Reading