Alleged LockBit admin and lead developer named and targeted by US, UK and Australian authorities – Business

Authorities in the U.K., U.S., and Australia today revealed new sanctions against the infamous Russian hacking gang LockBit and named a Russian man believed to be the group’s administration and lead developer.

The man alleged to lead LockBit is Russian national Dmitry Khoroshev. Known online as LockBitSupp, Khoroshev is claimed by the U.K. National Crime Agency to have thrived on anonymity and had previously offered a $10 million reward to anyone who could reveal his identity.

As a result of his being identified, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office, the U.S. Department of the Treasury’s Office of Foreign Assets Control and the Australian Department of Foreign Affairs.

Along with the name and face reveal, the U.S. Justice Department also unsealed charges against Khoroshev, revealing that a grand jury in the District of New Jersey had indicted him on 26 counts.

Khoroshev stands accused of acting as the LockBit ransomware group’s developer and administrator from its inception in or around September 2019 through May 2024. In that time, Khoroshev and his affiliates grew LockBit into what was, at times, the most active and destructive ransomware group and variant in the world, with over 2,500 victims in at least 120 countries, including 1,800 victims in the United States.

He is also alleged to be the mastermind behind the LockBit ransomware-as-a-service model, designing the LockBit ransomware code and then recruiting affiliates to deploy the ransomware against victims. As LockBit’s developer, Khoroshev typically received a 20% share of each ransomware payment extorted from LockBit. The Justice Department claimed that he had received at least $100 million in digital currency payments as a result of LockBit affiliate ransomware attacks.

The decision to go after Khoroshev is the second stage of Operation Cronos, an international task force that was put together specifically to target LockBit. The first stage of the operation in February saw the LockBit site taken offline and the arrest of two LockBit affiliates.

The takedown of the LockBit site is still being noted among the various releases today as some sort of amazing win, despite the fact that LockBit was offline for barely a week. It was back up and running by Feb. 26.

Although international law enforcement targeting ransomware groups is undoubtedly a noble cause, as noted when LockBit returned, “all the U.K. National Crime Authority, the U.S. Federal Bureau of Investigation and others did was cut two heads off a multiheaded hydra — it may have caused some short-term pain, but hydra heads grow back.”

And given that Khoroshev currently resides in Russia, unless he’s silly enough to travel to a country that has an extradition treaty with the U.S., indicting him is nothing more than making noise and appearing to do something. The Russians aren’t going to hand him over, which means he will continue to be free to run LockBit as he allegedly does now, even if LockBit isn’t quite as prominent as it once was.

Images: LockBit, UK NCA