This is the alleged leader of LockBit, the world’s most wanted cybercriminal.
Dmitry Yuryevich Khoroshev, 31 years old, native of Russia, pseudonym LockBitSupp. On Tuesday, the FBI and security forces in Britain and Australia identified the Russian national as the alleged leader of LockBit, the world’s most dangerous cybercrime group. The organization, which specializes in ransomware attacks and file theft, has approximately 2,500 confirmed victims worldwide. Among them are several Spanish multinational corporations and the Seville City Council.
It is estimated that LockBit raised more than US$500 million by collecting ransoms and extorting victims in exchange for not publishing stolen sensitive data. Cybersecurity experts have been trying to unravel who is behind the LockBitSupp user since 2020, but until now it has remained a mystery.
However, in February last year, an international operation brought LockBit under control for the first time. The security forces managed to take control of part of the infrastructure that the gang used to carry out its attacks, as well as its official portal on the darknet. “We blocked them,” said the head of Britain’s cybercrime agency, who coordinated the action, which also included agents from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany.
However, LockBit resumed operations two days later and claimed that the offensive had caused virtually no damage to the organization. Since then, its attacks have not stopped.
This Tuesday, agents dealt another blow to the group by publishing the identity of the organization’s leader and a large number of its alleged associates. In the case of Khoroshev, the US State Department offered a reward of $10 million to anyone who could help find him.
Two of their emails and their cryptocurrency wallet addresses were also published, but not their biographical information or previous careers. “As the primary leader of the LockBit group and the developer of the LockBit ransomware, Khoroshev held various operational and administrative positions within the cybercriminal group and benefited financially from the attacks,” the State Department statement explained.
LockBit uses a model known as ransomware-as-a-service, whereby the organization licenses its software to affiliated cybercriminals in exchange for a payment plus a percentage of the ransom received. It operates like a true multinational corporation, with connections in many countries and specialized departments in each branch of its business: development, talent acquisition or negotiations with victims.
Khoroshev is allegedly the person who manages this entire structure. “He contributed to LockBit’s infrastructure upgrades, hired new ransomware developers, and managed LockBit’s subsidiaries,” the same statement said.
Security forces involved in the February operation against LockBit also hold Khoroshev responsible for LockBit’s attempts to continue attacks after they managed to take down part of its infrastructure.
The group quickly responded to the publication of the identity of its alleged leader. Just an hour later, it released the identities of 16 new victims, which it gave one month to negotiate a ransom. Among them are one of the main logistics companies in Scandinavia and a major distributor of Mercedes-Benz cars in Germany.