The mastermind behind the world’s most dangerous ransomware gang, LockBit, which carried out damaging cyber attacks on Royal Mail and Porton Down, has been unmasked as a Russian hacker.
The National Crime Agency has identified the Russian national behind the cybercrime group as Dmitry Yuryevich Khoroshev.
The alleged leader’s identity was revealed following the dramatic seizure of the criminal gang’s infrastructure in February, and Khoroshev now faces asset freezes and travel bans.
He has been sanctioned by the UK, US, and Australia as a result of the unmasking.
‘These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe,’ Graeme Biggar, Director General of Britain’s National Crime Agency, said in a statement.
‘He was certain he could remain anonymous, but he was wrong.’
Visitors to the LockBit website saw a message saying it is ‘under the control of law enforcement’ in February.
Khoroshev, who paraded himself online under the moniker LockBitSupp, was notoriously so certain of his anonymity that he once offered a staggering £8million reward to anyone who could reveal his identity.
The US government is now offering a reward of up to $10million for anyone who can provide information that will lead to his arrest or conviction.
According to the US Office of Foreign Assets Control, Khoroshev is 31 and lives in Russia, with details of his sanction designation also listing multiple email addresses and cryptocurrency addresses, alongside his Russian passport details.
The US has also filed an indictment against him.
LockBit was first disrupted by the NCA, U.S. Department of Justice, FBI and Europol in February, in an unprecedented campaign that saw the gang’s darkweb site hijacked by police and used to leak internal information about the group and the people behind it.
‘In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cyber-criminal activity emanating from Russia,’ Britain’s Sanctions Minister Anne-Marie Trevelyan said in a statement.
LockBit was seen as one of the world’s most dangerous ransomware groups and its high-profile victims included the Royal Mail, Boeing, and Porton Down.
In February, LockBit’s entire ‘command and control’ structure was seized by law enforcement after a joint international operation.
Following the reveal of the alleged leader, UK security minister Tom Tugendhat said: ‘Cybercriminals think they are untouchable, hiding behind anonymous accounts as they try to extort money from their victims.
‘By exposing one of the leaders of LockBit, we are sending a clear message to these callous criminals. You cannot hide. You will face justice.’
Khoroshev is expected to remain at large for the time being as officials scramble to obtain any information that will lead them to a solid conviction.
LockBit is thought to have been behind as many as 1,400 cyber-attacks globally, and it brought Japan’s busiest cargo port to a shuddering halt in July after attacking the system that manages the movement of containers.
Russian national Magomedovich Astamirov has been charged in the US for ‘involvement in deploying numerous LockBit ransomware and other attacks in the US, Asia, Europe, and Africa’.
And last year the US announced charges against Russian-Canadian Mikhail Vasiliev, who is being held in Canada awaiting extradition.
Another Russian, Mikhail Pavlovich Matveev, is wanted for alleged participation in other LockBit attacks.
Ransomware is the costliest and most disruptive form of cybercrime, crippling local governments, court systems, hospitals and schools as well as businesses. It is difficult to combat as most gangs are based in former Soviet states and out of reach of Western justice.
Law enforcement agencies have scored some recent successes against ransomware gangs, most notably the FBI’s operation against the Hive syndicate. But the criminals regroup and rebrand.
The NCA has previously warned that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted.
Experts have said that LockBit may try to rebuild its operation but Chris Morgan, analyst from cyber security firm ReliaQuest, said the law enforcement action was ‘a significant short-term blow’.