Unmasked: Notorious Russian cyber criminal who plundered hospitals with ransomware
By Rob Harris
London: The leader of one of the world’s most prolific cybercrime gangs has been unmasked and sanctioned by Australia, Britain and the United States, following a years-long international disruption campaign.
Russian national Dmitry Yuryevich Khoroshev, 31, was named as the mastermind behind the notorious LockBit ransomware operation, which has been on a hacking rampage for years, digitally extorting an estimated $1 billion from its victims.
Khoroshev had remained an enigma while he hid behind online monikers “LockBitSupp” and “putinkrab”. He evaded identification and bragged that people wouldn’t be able to reveal his offline identity – even offering a $US10 million reward to anyone who could reveal his identity.
LockBit provided ransomware-as-a-service to a global network of hackers or “affiliates”, supplying them with the tools and infrastructure to carry out attacks and negotiated ransom payments. The hackers were then asked to provide LockBit with about 20 per cent of their profits.
LockBit was first disrupted in February, in an unprecedented campaign in which the gang’s dark web site was hijacked by police and used to leak internal information about the group and the people behind it.
Before Operation Cronos – which involved cyberspy agency the Australian Signals Directorate and the Australian Federal Police – took LockBit offline, it had risen to become one of the most prolific ransomware groups ever, launching hundreds of attacks a month and ruthlessly publishing stolen data from companies if they refused to pay.
LockBit ransomware, malicious software that encrypts data, was used in 18 per cent of total reported Australian ransomware incidents in 2022-23, with 119 reported victims. Global data obtained by law enforcement agencies from the group's systems showed that between June 2022 and February 2024, more than 7000 attacks were built using its services.
Attacks targeted more than 100 hospitals and healthcare companies worldwide and at least 2110 victims were forced into some degree of negotiation by cyber criminals.
Authorities said the group, many of whose members are based in Russia, was responsible for a quarter of all ransomware attacks globally last year. It targeted individuals, small businesses, critical infrastructure, hospitals, schools, corporations, non-profit organisations, and government and law enforcement agencies. Its high-profile victims included aerospace company Boeing.
US Attorney for New Jersey Philip Sellinger said Khoroshev had “conceived, developed, and administered” the group, wreaking havoc and causing billions of dollars in damage to thousands of victims around the globe.
“He thought he could do so hidden by his notorious moniker ‘LockBitSupp’, anonymous and free of any consequence, while he personally pocketed $US100 million extorted from LockBit’s victims,” Sellinger said. “Through relentless investigation and co-ordination with our partners ... abroad, we have proven him and his co-conspirators wrong.”
Khoroshev, who is believed to be in Russia, faces 26 criminal charges in New Jersey federal court, including fraud, extortion, and damaging protected computers. In total, the charges carry a maximum penalty of 185 years in prison. He will now be subject to a series of asset freezes and travel bans.
But he is likely to remain at large for some time. Moscow has never formally extradited cybercriminals, and the freezing of relations after its full-scale invasion of Ukraine in 2022 led to a near-total cessation of all enforcement action domestically.
Federal Home Affairs Minister Clare O’Neil, who is responsible for cybersecurity, said the damage done by LockBit in Australia was significant.
“For too long, criminals like those behind LockBit have hidden in the shadows,” she said. “Our government is changing that. Hunting down cybercriminals by working with our international partners to hack the hackers and punishing them where we can.”
Khoroshev is the sixth individual charged for his role in the LockBit operation. Previously, charges were announced against Mikhail Vasiliev, Mikhail Matveev, Ruslan Magomedovich Astamirov, Artur Sungatov, and Ivan Kondratyev.
American agencies published a wanted poster on Wednesday promising a $US10 million award for information that would lead to Khoroshev’s arrest.
Khoroshev did not respond to messages sent to email addresses which were publicly listed in the sanctions.