LockbitSupp suspect identified as Dmitry Khoroshev

The United States, United Kingdom and Australia on Tuesday alleged that the leader of LockBit is a Russian national called Dmitry Yuryevich Khoroshev who had worked under the pseudonym LockbitSupp.

The reveal of Khoroshev’s identity had been teased on the ransomware group’s own darknet extortion site, which was seized by the United Kingdom’s National Crime Agency (NCA) earlier this year.

A 26-count indictment has been unsealed in the United States charging Khoroshev, 31, with developing and operating the LockBit ransomware service. A reward of up to $10 million is being offered for information leading to his arrest and/or conviction.

While the LockBit site had previously been used to publish stolen information from the ransomware gang’s victims, under the control of the NCA it was instead used to show off how much information investigators had obtained from the service’s backend. On Tuesday, police uploaded a wanted poster for Khoroshev to the site.

LockBit had been the most impactful and prolific ransomware-as-a-service (RaaS) organization in operation over the past four years. It monetised cyberattacks disrupting thousands of businesses worldwide, including Boeing and Royal Mail.

LockBit-linked cyberattacks had repeatedly sought to profit by risking lives, including by forcing two major hospitals in upstate New York to divert ambulances, and, just days before Christmas, attacking Toronto’s Hospital for Sick Children, causing diagnostic and treatment delays for its patients — as well as extraordinary distress for the families affected — because clinical teams were struggling to receive lab reports and imaging results.

Similar to software-as-a-service companies, RaaS gangs provide a platform to customers. The customers were hackers (known as “affiliates” within the ransomware ecosystem) who, after breaching a victim, paid to access a LockBit control panel from which they used the service to encrypt devices on the target network and/or steal data and threaten to publish it on the platform’s darknet site unless an extortion fee was paid.

LockBit consistently published to its darknet extortion site the data of more victims who refused to pay a ransom than any other outfit: over 2,000 according to the latest count, more than its closest three competitors (Conti, AlphV, Clop) combined.

Khoroshev is accused of creating, as LockbitSupp, an effective RaaS enterprise — functioning more as a chief executive than a support account or an administrator as his moniker implied.

According to Jon DiMaggio — the chief security analyst at Analyst1 who told the Click Here podcast about infiltrating the LockBit group — Khoroshev upended the ransomware ecosystem by putting affiliates in charge of the extortion negotiations, with an automated system in place that saw LockBit collect 20% of the extortion fee as a commission.

Officials said they believed the gang accounted for 25% of all ransomware attacks globally as of the takedown in February.

This is a breaking news story and will be updated. 
