TechU.S. Charges Mastermind Behind LockBit Ransomware, Seeks 185-Year Sentence

U.S. Charges Mastermind Behind LockBit Ransomware, Seeks 185‑Year Sentence

online threats

Images source: © Pixabay

4:22 PM EDT, May 14, 2024

The United States Department of Justice has charged Dmitry Yuryevich Khoroshev with creating and operating the LockBit ransomware, which has been labeled as one of the most efficient and harmful digital extortion tools globally.

According to The Verge, Khoroshev played a pivotal role in LockBit's operations since its emergence in September 2019. Over the years, the software has targeted more than 2,500 victims across at least 120 countries, generating at least $500 million in ransom revenue for the group under Khoroshev's leadership.

How did LockBit operate?

LockBit worked on a "ransomware as a service" model, allowing cybercriminals to lease the software to launch attacks. This ransomware was responsible for several notable attacks, including incidents involving the UK mail service, a children's hospital, and St. Marys, a small Canadian town in Ontario. In February of this year, efforts by U.S. and UK authorities led to the seizure of websites and servers linked to LockBit, securing keys to assist organizations in data recovery. Alongside Khoroshev, Arthur Sungatov and Ivan Kondratyev were charged for deploying LockBit in attacks within the USA.

What consequences does Khoroshev face?

Khoroshev, who retained 20% of every ransom and oversaw the data leak site, faces 26 charges, including conspiracy to commit fraud and eight counts of extortion by damaging legally protected computers. His potential sentence could amount to up to 185 years. The United States Department of Justice is offering a $10 million reward for information leading to his capture. Philip R. Sellinger, the U.S. Attorney for the District of New Jersey, highlighted this as a crucial step in the investigation against LockBit, disrupting its operations significantly and leading to the indictment of its key members, including Khoroshev.

Was LockBit dismantled?

Despite significant actions by law enforcement, LockBit continues to operate. Recent efforts by the FBI and Europol to take down the group's infrastructure and impede its activities involved seizing servers, capturing essential infrastructure components, and converting the group's data leak site into a law enforcement press portal, significantly hindering LockBit's activities. These actions resulted in the deletion of the group's online infrastructure, including servers in the United States. They provided victims with decryption keys, enabling them to recover their data without ransom. However, despite these actions, some dark websites associated with the group remain active, and the damage from past attacks cannot be undone.

source: The Verge