TechU.S. charges architect of LockBit ransomware in major cyber crackdown

U.S. charges architect of LockBit ransomware in major cyber crackdown

The United States Department of Justice has charged Dmitry Yuryevich Khoroshev, accusing him of creating and operating the LockBit ransomware, which has been described as one of the most productive and destructive digital extortion tools in the world.

online threats
online threats
Images source: © Pixabay

14 May 2024 19:22

The Verge reports that Khoroshev played a crucial role in LockBit's operations since the group's emergence in September 2019. In just a few years, it has victimized over 2,500 victims from at least 120 countries, earning the group, under Khoroshev's leadership, revenues of at least $500 million from ransoms.

how did LockBit work?

LockBit operated on the principle of "ransomware as a service," allowing cybercriminals to rent software to attack victims. This software was linked to several high-profile attacks on UK mail, a children's hospital, and the small Canadian town of St. Marys in Ontario. As The Verge reports, in February of this year, U.S. and UK services seized the websites and servers used by LockBit, securing keys that could assist organizations in regaining access to their data.

Alongside Khoroshev, Arthur Sungatov and Ivan Kondratyev were also charged with using LockBit to target victims in the USA.

What consequences does Khoroshev face?

Khoroshev, who took 20% of every ransom and managed the data leak site, is now facing 26 charges, including conspiracy to commit fraud and eight counts of extortion involving the destruction of legally protected computers. He could be sentenced to up to 185 years if found guilty of all charges. The United States Department of Justice has also announced a reward of $10 million for information leading to his capture. The U.S. Attorney for the District of New Jersey, Philip R. Sellinger, highlighted that this is a pivotal moment in the investigation against LockBit members, including Khoroshev, which has interrupted the group's operations and resulted in the indictment of two members.

Was LockBit dismantled?

Despite significant law enforcement efforts, the LockBit ransomware group remains active. Recent actions by the FBI and Europol aimed to dismantle the group's infrastructure and disrupt its operations. These efforts included seizing servers, intercepting key infrastructure components, and transforming the group's data leak site into a law enforcement press portal, significantly impairing LockBit's functionality.

During the operation, the group's online infrastructure within the United States was eliminated, offering victims of the ransomware decryption keys to recover encrypted data without paying a ransom. Unfortunately, despite these measures, the group's dark websites remain online, and the damage caused by past attacks cannot be reversed.

© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.