       US, UK finally sanction and charge 'LockBit kingpin' • The Register
        
       ----------------------------------------------------------------------
        
       Updated: Police have finally named who they firmly believe is the
       kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.
        
       Khoroshev's unmasking and addition to Western sanctions lists
       represents a landmark revelation in the cops' efforts to disrupt and
       dismantle the LockBit operation, the bulk of which action was carried
       out in February under the code-name Operation Cronos.
        
       Many thought the unveiling of the Russian national's true identity,
       which had been kept a closely guarded secret for years, would come
       that chilly month as the cherry on top of LockBit's downfall. The
       authorities chose not to reveal his name at the time, and it isn't
       clear why they've chosen now to do so.
        
       Back in February, the cops merely teased the fact they knew the
       identity of Khoroshev, aka LockBitSupp, with a final post on the
       confiscated LockBit website saying of the gang's leader:
        
       Today's naming will provide a tidy bookend to the two-month tease,
       though given his residence in Voronezh, Russia, the charges and
       sanctions leveled against Khoroshev, 31, are unlikely to result in
       justice.
        
       We're told that the UK, US, and Australia have sanctioned the Russian
       national, while America has charged him with criminal complaints.
       Britain's cops as well as the Feds in the US described Khoroshev as an
       administrator, creator, and developer of the ransomware, which has hit
       thousands of targets and raked in more than $100 million in ransoms.
        
       "These sanctions are an important moment in our fight against cyber
       criminals behind the LockBit ransomware group, which is now on its
       knees following our disruption earlier this year," said Graeme Biggar,
       director general at the UK National Crime Agency (NCA), which led
       Operation Cronos.
        
       "They have caused untold damage to schools, hospitals, and major
       companies across the world, who've had to pick up the pieces following
       devastating cyber attacks.
        
       "Dmitry Khoroshev thought he was beyond reproach, even offering $10
       million to anyone who could reveal his identity, but these actions
       dispel that myth. Our investigation into LockBit and its affiliates
       continues and, working with our international partners, we'll do
       everything we can to undermine their operations and protect the
       public."
        
       Accused ... Dmitry Yuryevich Khoroshev. Source: NCA
        
       In an interview with malware librarians VX-Underground, Khoroshev said
       whatever law enforcement was planning to reveal was a lie.
        
       The Russian said: "I don't understand why they're putting on this
       little show. They're clearly upset we continue to work."
        
       The United States is meanwhile offering its own $10 million reward to
       anyone who can provide authorities with information leading to the
       arrest and/or conviction of Khoroshev, or any other individual who
       holds a senior leadership position within LockBit.
        
       Under Operation Cronos, British police, the FBI, and other
       international cops dramatically infiltrated the gang and seized
       LockBit's blog where its victims are listed and stolen data is
       published.
        
       The NCA then repurposed the site as an exposé hub, sharing various
       insights gleaned about the crew. After pulling the site offline,
       Operation Cronos revived it over the weekend and today it became an
       exposé hub once again.
        
       Offering an update on its investigation, the Operation Cronos team
       said they looked deep into LockBit's 194 affiliates and concluded that
       114 appear to have never earned a penny from their time spent
       attacking organizations.
        
       A total of 119 affiliates engaged in negotiations with victims, but at
       least 39 of these appear to have never received a ransom payment. An
       additional 75 affiliates appear to have never engaged in any
       negotiations, meaning they would never have received a payment.
        
       Some 114 affiliates will be probed by law enforcement for criminal
       activity despite never seeing any success in their endeavors, all
       after spending thousands to join the criminal gang. Various identities
       were uncovered and a small number of arrests were made in February.
       The Western plod were unable to snare more given that most of
       LockBit's members reside in Russia.
        
       Some mystery has shrouded LockBit's operation since the initial
       takedown attempt. Its suspected leader, Khoroshev, who was expected to
       be unmasked in February, remained anonymous, created another blog, and
       continued to claim responsibility for ransomware infections. The Feds'
       efforts to take the gang down appeared to be largely fruitless.
        
       Post-bust, LockBit claimed to have hit more victims, though these
       merely appeared to be organizations the crew extorted in years past.
       The NCA also believes some of the attacks claimed by LockBit after the
       February disruption were actually carried out by rival ransomware
       gangs.
        
       Despite Khoroshev's attempts to rebuild the operation, LockBit remains
       significantly upended. Per the NCA, LockBit is "running at limited
       capacity" and its global threat has been "significantly reduced."
        
       More than 7,000 attacks were launched using LockBit's tools between
       June 2022 and February 2024, said the crime-busting agency, having
       pored over files collected from its takedown of the gang's IT.
        
       The extortionists targeted more than 100 hospitals and healthcare
       companies, and at least 2,110 victims total began negotiations with
       the criminals.
        
       The NCA said: "Data shows that the average number of monthly LockBit
       attacks has reduced by 73 percent in the UK since February's action,
       with other countries also reporting reductions. Attacks appear to have
       been carried out by less sophisticated affiliates with lower levels of
       impact."
        
       Of the 194 affiliates registered with LockBit as of February, the
       number has fallen to 69, suggesting many have lost confidence in the
       gang and shifted their allegiances elsewhere.
        
       UK security minister Tom Tugendhat said: "Cybercriminals think they
       are untouchable, hiding behind anonymous accounts as they try to
       extort money from their victims.
        
       "By exposing one of the leaders of LockBit, we are sending a clear
       message to these callous criminals. You cannot hide. You will face
       justice." ®
        
       _**Editor's note:** This story was updated with more information from
       the Dept of Justice and NCA. You can watch US prosecutors lay out
       their case in the video below._
        
       Youtube Video
        
        
        
        