LockBit Ransomware Gang Leader Identified and Sanctioned

Reading Time: 2 minutes
  • The UK National Crime Agency has identified Russian national Dmitry Khoroshev as the alleged leader of the ransomware gang LockBit
  • Khoroshev, also known as “LockBitSupp,” has been sanctioned by the UK, US, and Australia following the group’s infrastructure takedown
  • LockBit has previously targeted high-profile organizations worldwide, demanding cryptocurrency payments

The UK National Crime Agency (NCA) has publicly identified Russian national Dmitry Khoroshev as the alleged leader of the notorious ransomware gang LockBit. Known online as “LockBitSupp,” Khoroshev has been sanctioned by the UK, US, and Australia after law enforcement successfully dismantled the group’s infrastructure. LockBit was once regarded as one of the world’s most dangerous ransomware groups, targeting high-profile entities and demanding payment in cryptocurrencies.

Royal Mail and Boeing Among Targets

LockBit operated for around four years, becoming notorious for widespread ransomware attacks that targeted thousands of victims worldwide, including the UK, causing billions of dollars in losses due to both ransom payments and recovery costs.

The group’s victims included Royal Mail and Boeing, using malicious software to infiltrate a victim’s network, encrypt their systems, and steal their data. They would then demand a ransom in cryptocurrency, threatening to publish the stolen data unless the payment was made. 

Lockbit also offered ransomware-as-a-service to a global network of affiliates, providing them with tools and infrastructure to facilitate their attacks.

$10 Million Reward for Information

The NCA revealed in February that it had disrupted LockBit’s activities and yesterday unmasked its leader, naming Khoroshev as the group’s head, a man so confident in maintaining his anonymity that he offered a $10 million bounty to anyone who could reveal his identity. Instead, Khoroshev now faces a US government reward of up to $10 million for information leading to his arrest or conviction.

Graeme Biggar, the NCA’s director general, emphasized the impact of the dismantling of the LockBit, stating: “These sanctions are hugely significant and show that there is no hiding place for cybercriminals like Dmitry Khoroshev.” He highlighted that the operation severely degraded LockBit’s capabilities, reducing it to a “much less sophisticated enterprise.”

UK Security Minister Tom Tugendhat echoed the sentiment, noting that revealing Khoroshev’s identity serves as a clear warning to cybercriminals: “You cannot hide. You will face justice.”

However, Khoroshev remains elusive due to Russia’s refusal to extradite cybercriminals and the strained diplomatic relations following its invasion of Ukraine, rather undermining Tugendhat’s bombastic claims.