Technology

LockBit ransomware gang leader indicted

A TV screen shows the front page of LockBit's dark-web leak site that was replaced with the words "this site is now under control of law enforcement," alongside the flags of the U.K., the U.S. and several other nations during the law enforcement press conference to outline the details of a law enforcement operation against the ransomware syndicate LockBit in London, Tuesday, Feb. 20, 2024.. (AP Photo/Kelvin Chan)

The Department of Justice (DOJ) has identified and indicted a senior leader of the Russia-based LockBit ransomware group as the U.S. government continues its pursuit of those involved in the group’s cybersecurity attacks in recent years.

Dmitry Yuryevich Khoroshev is facing 26 counts in federal court in New Jersey for his alleged role in the creation and development of the LockBit group from its beginning in September 2019 through the present, federal prosecutors announced Tuesday.

LockBit is a syndicate group that accounted for more than 20 percent of the nearly 4,000 attacks across the globe last year in which ransomware gangs posted data stolen from victims to extort payment.

Khoroshev, 31, of Voronezh, Russia, allegedly pocketed an estimated $100 million extorted from victims for himself after he arranged for the design of the LockBit ransomware code, recruited other group members and provided them with the tools to deploy LockBit, per the DO.J.

“Dmitry Khoroshev conceived, developed, and administered Lockbit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe,” U.S. Attorney Philip R. Sellinger for the District of New Jersey wrote in a statement.

The indictment, unsealed on Tuesday, comes after U.S. law enforcement agencies, in partnership with the U.K National Crime Agency’s Cyber Division, disrupted LockBit in February by seizing control of its servers. They were able to connect to the organization’s infrastructure and disrupt LockBit’s ability to attack and encrypt networks, the DOJ said.

Information seized in February allegedly showed Khoroshev kept copies of data stolen from those who paid the ransom despite promises to victims that the data would be deleted after payment, the DOJ said.

“Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than $100 million in ransomware payments,” Attorney General Merrick Garland said in a statement.

Khoroshev is also accused of communicating with law enforcement after the February seizure and asking them to disclose the identities of his ransomware competitors in exchange for his services, prosecutors said.

He faces 26 counts, which carry a maximum total penalty of 185 years in prison and fines of up to $250,00.

The U.S. Treasury Department also imposed sanctions against Khoroshev on Tuesday.

In February, the State Department announced it is offering rewards up to $15 million for information that leads to the identification, location, arrest or conviction of any individual allegedly involved in LockBit’s attacks.

Including Khoroshev, a total of six LockBit members have been indicted for their alleged role in the ransomware attack, the DOJ said.