The administrator and developer of the LockBit ransomware operation has been revealed to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev, unmasked by the U.K. National Crime Agency (NCA).
Dmitry Yuryevich Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs.
Authorities are in possession of over 2,500 decryption keys according to a press statement by Europol and are reaching out to LockBit victims to offer support.
Khoroshev, known by the aliases LockBitSupp and putinkrab, has faced asset freezes, travel bans, and a reward of up to $10 million for his arrest and conviction by the U.S. Department of State.
A total of six members of the LockBit conspiracy, including Mikhail Vasiliev, Mikhail Matveev, Ruslan Magomedovich Astamirov, Artur Sungatov, and Ivan Kondratyev, have been charged in an indictment unsealed by the Department of Justice (DoJ).
The charges against Khoroshev carry a maximum penalty of 185 years in prison and significant monetary penalties.
NCA Director General Graeme Biggar stated, “Today’s announcement puts another huge nail in the LockBit coffin and our investigation into them continues.”
LockBit utilized a ransomware-as-a-service (RaaS) model, targeting over 2,500 victims globally and receiving more than $500 million in ransom payments before being dismantled in February as part of a coordinated operation called Cronos.
Penny Wong, Minister for Foreign Affairs of Australia, highlighted LockBit’s impact on Australian businesses and the RaaS’s double extortion tactics in which sensitive data is exfiltrated before demanding ransom.
Khoroshev, who founded LockBit in September 2019, is estimated to have profited at least $100 million from the scheme over the past four years.
The NCA revealed that LockBit’s attempts to resurface post-law enforcement action have been unsuccessful, with the group resorting to posting old and fake victims on its new data leak site.
The RaaS scheme involved 194 affiliates, with the number of active affiliates dropping to 69 after the takedown operation in February.
Khoroshev played a significant role in the LockBit group as a leader and developer, facilitating the upgrading of the infrastructure, recruitment of new developers, management of affiliates, and efforts to continue operations post-disruption.
