Skip to main content
Customer Support Customer Support

LockBit ransomware admin identified, sanctioned in US, UK, Australia

Petrovic
Gold VIP
Forum|alt.badge.img+52

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.


According to a new indictment by the US Department of Justice and a press release by the NCA, the LockBit ransomware operator known as 'LockBitSupp' has been confirmed to be a Russian national named Dmitry Yuryevich Khoroshev, who reportedly earned $100 million as part of the gang's activities.
"The sanctions against Russian national Dmitry Khoroshev (pictured), the administrator and developer of the LockBit ransomware group, are being announced today by the FCDO alongside the US Department of the Treasury's Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs," announced the National Crime Agency.


"Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans."

 

Full article

Helpful Webroot Links: Download (PC) | Download (Best Buy Subscription) | Submit Support Ticket | Account Console | User_Guides | BrightCloud URL lookup

    4 replies

    TylerM
    Administrator
    Forum|alt.badge.img+25
    • TylerM
    • Sr. Security Analyst & Community Manager
    • 1275 replies
    • May 7, 2024

    Oh yeah I’ve been checking it out all morning

     

    https://home.treasury.gov/news/press-releases/jy2326

    I’ll have a post written as soon as I can

    ProTruckDriver
    Jasper_The_Rasper
    Petrovic
    4 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • Petrovic
      Petrovic
    • TripleHelix
      TripleHelix
    TylerM
    Administrator
    Forum|alt.badge.img+25
    • TylerM
    • Sr. Security Analyst & Community Manager
    • 1275 replies
    • May 7, 2024

    In about an hour all that stuff will get released on the siezed leaksite and I’ll share what I have in a post

    Drama on this has been off the charts📈

    ProTruckDriver
    Jasper_The_Rasper
    Petrovic
    4 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • Petrovic
      Petrovic
    • TripleHelix
      TripleHelix
    TripleHelix
    Moderator
    Forum|alt.badge.img+63
    • TripleHelix
    • Moderator
    • 9168 replies
    • May 8, 2024
    TylerM wrote:

    In about an hour all that stuff will get released on the siezed leaksite and I’ll share what I have in a post

    Drama on this has been off the charts📈

    Anything new on this?

    Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
    ProTruckDriver
    Jasper_The_Rasper
    TripleHelix
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • TripleHelix
      TripleHelix
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54

    How Did Authorities Identify the Alleged Lockbit Boss?

     

    May 13, 2024 By Brian Krebs

     

    Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

    Dmitry Yuryevich Khoroshev. Image: treasury.gov.

    On May 7, the U.S. Department of Justice indicted Khoroshev on 26 criminal counts, including extortion, wire fraud, and conspiracy. The government alleges Khoroshev created, sold and used the LockBit ransomware strain to personally extort more than $100 million from hundreds of victim organizations, and that LockBit as a group extorted roughly half a billion dollars over four years.

    Federal investigators say Khoroshev ran LockBit as a “ransomware-as-a-service” operation, wherein he kept 20 percent of any ransom amount paid by a victim organization infected with his code, with the remaining 80 percent of the payment going to LockBit affiliates responsible for spreading the malware.

    Financial sanctions levied against Khoroshev by the U.S. Department of the Treasury listed his known email and street address (in Voronezh, in southwest Russia), passport number, and even his tax ID number (hello, Russian tax authorities). The Treasury filing says Khoroshev used the emails sitedev5@yandex.ru, and khoroshev1@icloud.com.

    According to DomainTools.com, the address sitedev5@yandex.ru was used to register at least six domains, including a Russian business registered in Khoroshev’s name called tkaner.com, which is a blog about clothing and fabrics.

    A search at the breach-tracking service Constella Intelligence on the phone number in Tkaner’s registration records  — 7.9521020220 — brings up multiple official Russian government documents listing the number’s owner as Dmitri Yurievich Khoroshev.

     

    >> Full Article <<

    ProTruckDriver
    Jasper_The_Rasper
    Petrovic
    4 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • Petrovic
      Petrovic
    • TripleHelix
      TripleHelix

    Reply


    Terms & Conditions