Home / Royal Mail / Mastermind behind world’s most dangerous ransomware gang Lockbit that carried out damaging cyber attacks on Royal Mail and Porton Down is unmasked as Russian hacker

Mastermind behind world’s most dangerous ransomware gang Lockbit that carried out damaging cyber attacks on Royal Mail and Porton Down is unmasked as Russian hacker

The mastermind behind the world’s most dangerous ransomware gang Lockbit that carried out damaging cyber attacks on Royal Mail and Porton Down has been unmasked as a Russian hacker.

The National Crime Agency has identified the Russian national behind the cybercrime group as Dmitry Yuryevich Khoroshev.

The alleged leader’s identity was revealed following the dramatic seizure of the criminal gang’s infrastructure in February, and Khoroshev now faces asset freezes and travel bans.

He has been sanctioned by the UK, US, and Australia as a result of the unmasking.

‘These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe,’ Graeme Biggar, Director General of Britain’s National Crime Agency, said in a statement. 

‘He was certain he could remain anonymous, but he was wrong’.

The National Crime Agency has identified the Russian national behind the cybercrime group LockBit as Dmitry Yuryevich Khoroshev

Visitors to the Lockbit website saw a message saying it is 'under the control of law enforcement' in February

Visitors to the Lockbit website saw a message saying it is ‘under the control of law enforcement’ in February

Khoroshev, who paraded himself online under the moniker LockBitSupp, was notoriously so certain of his anonymity that he once offered a staggering £8million reward to anyone who could reveal his identity.

The US government is now offering a reward of up to $10million for anyone who can provide information that will lead to his arrest or conviction.

According to the US Office of Foreign Assets Control, Khoroshev is 31 and lives in Russia, with details of his sanction designation also listing multiple email addresses and cryptocurrency addresses, alongside his Russian passport details.

The US has also filed an indictment against him. 

LockBit was first disrupted by the NCA, U.S. Department of Justice, FBI and Europol in February, in an unprecedented campaign that saw the gang’s darkweb site hijacked by police and used to leak internal information about the group and the people behind it.

‘In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cyber-criminal activity emanating from Russia,’ Britain’s Sanctions Minister Anne-Marie Trevelyan said in a statement. 

LockBit was seen as one of the world’s most dangerous ransomware groups and its high-profile victims included the Royal Mail, Boeing, and Porton Down.

In February, LockBit’s entire ‘command and control’ structure was seized by law enforcement after a joint international operation.

Following the reveal of the alleged leader, UK security minister Tom Tugendhat said: ‘Cybercriminals think they are untouchable, hiding behind anonymous accounts as they try to extort money from their victims.

‘By exposing one of the leaders of LockBit, we are sending a clear message to these callous criminals. You cannot hide. You will face justice.’

Khoroshev is expected to remain at large for the time being as officials scramble to obtain any information that will lead them to a solid conviction.

Lockbit are thought to have been behind as many as 1,400 cyber-attacks globally and brought Japan’s busiest cargo port to a shuddering halt in July after attacking the system that manages the movement of containers.

Russian national Magomedovich Astamirov has been charged in the US for ‘involvement in deploying numerous LockBit ransomware and other attacks in the US, Asia, Europe, and Africa’.

And last year the US announced charges against Russian-Canadian Mikhail Vasiliev, who is being held in Canada awaiting extradition.

Another Russian, Mikhail Pavlovich Matveev, is wanted for alleged participation in other Lockbit attacks.

Ransomware is the costliest and most disruptive form of cybercrime, crippling local governments, court systems, hospitals and schools as well as businesses. It is difficult to combat as most gangs are based in former Soviet states and out of reach of Western justice. 

Law enforcement agencies have scored some recent successes against ransomware gangs, most notably the FBI’s operation against the Hive syndicate. But the criminals regroup and rebrand.

The NCA has previously warned that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted.

Experts have said that LockBit may try to rebuild its operation but Chris Morgan, analyst from cyber security firm ReliaQuest, said the law enforcement action was ‘a significant short-term blow’. 

What is ransomware? 

Cybercriminals mounting a ransomware attack first hack into a computer system before using ‘blockers’ to stop their victim accessing their device.

This may include a message telling them this is due to ‘illegal content’ such as porn being identified on their device.

Hackers then ask for a ransom to be paid, often in the form of Bitcoins or other untraceable cryptocurrencies, for the block to be removed.

In Lockbit’s case, the gang stole sensitive information and threatened to release it in public if no ransom was paid.

In May 2017, a massive ransomware virus attack called WannaCry spread to the computer systems of hundreds of private companies and public organisations across the globe.


Source link

About admin

Check Also

Royal Mail threatens more stamp price rises after £120 million Budget hit

Royal Mail’s top brass has signalled potential further stamp price increases following a £120million National …

Leave a Reply

Your email address will not be published. Required fields are marked *