LockBit ransomware administrator revealed

The UK National Crime Agency (NCA) has unmasked the identity of the administrator and developer of the LockBit ransomware gang as a 31-year-old Russian named Dmitry Yuryevich Khoroshev, who went by the names LockBitSupp and putinkrab. Khoroshev, who started LockBit around September 2019, is believed to have amassed at least $100 million in the past few years.

Following the announcement, Khoroshev has been sanctioned by the UK Foreign, Commonwealth and Development Office (FCD), the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. He is now subject to asset freeze and travel bans, and the US Department of State has a reward of up to $10 million for any information leading to his arrest and/or conviction.

In a press statement, Europol shared that they were in possession of over 2,500 decryption keys and are in touch with  LockBit victims to offer support. The Department of Justice (DoJ) has charged Khoroshev on 26 counts.

LockBit, which was one of the most active ransomware-as-a-service (RaaS) groups, was dismantled early this year. It’s estimated to have targeted over 2,500 victims worldwide and received more than $500 million in ransom payments. Until now, six members affiliated with it have been charged. These include Mikhail Vasiliev, Mikhail Matveev, Ruslan Magomedovich Astamirov, Artur Sungatov and Ivan Gennadievich Kondratiev. While LockBit has created new leak sites, NCA notes that the group is at limited capacity, and the threat from LockBit has significantly reduced.