Russian hacker indicted for ‘prolific’ ransomware program that targeted N.J. victims

Federal authorities have charged a Russian national with operating one of the most prolific ransomware operations that targeted hospitals, schools, police departments, municipalities and other entities around New Jersey and other states, U.S. District Attorney Philip R. Sellinger announced Tuesday.

Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, was charged in a 26-count indictment with operating LockBit, a ransomware program that others used to target companies around the world by infiltrating data systems and holding sensitive information for ransom paid in bitcoin, officials said.

The charges were handed down by a New Jersey grand jury after prosecutors accused Khoroshev of being LockBit’s administrator and developer from its inception in 2019 through this month. LockBit was disrupted in February 2024 through a joint effort that included the Justice Department, the FBI and the U.K. National Crime Agency’s Cyber Division after they seized the servers used by the network, authorities said.

“As alleged in the indictment, Khoroshev designed LockBit so that after hackers secretly gained access to a victim’s computer systems, they could encrypt or steal the victim’s data, or both,” Sellinger said in a statement. “After Lockbit was deployed, hackers sent victims ransom notes, threatening to publicly share the victims’ stolen data if a ransom of hundreds of thousands or even millions of dollars was not paid. One victim alone received a ransom demand of $200 million. If a victim did not pay up, the hackers would allegedly cause that victim’s private data to be publicly posted, often on what was called a ‘data leak site.’”

Khoroshev remains at large.

Officials said Khoroshev designed the LockBit program and then recruited other members – called “affiliates” – to deploy the ransomware, even providing a dashboard of tools to assist with deployment. Khoroshev collected a fee, typically 20% of the ransom collected after an attack, prosecutors said.

LockBit collected over $500 million with Khoroshev netting over $100 million, according to authorities. Victims were often asked to pay ransoms using Bitcoin, according to the indictment, and authorities said LockBit retained sensitive information collected in attacks, which it had promised to delete, even after ransoms had been paid.

Khoroshev and his co-conspirators grew LockBit into one of the most destructive and active ransomware variants in the world, hitting at least 2,500 victims in 120 countries, authorities said. Over 1,800 victims were located in the United States, including at least seven victims spread across New Jersey, according to officials.

The FBI and Justice Department have offered a $10 million reward for information that leads to Khoroshev’s capture. Authorities said Khoroshev contacted law enforcement after the February 2024 disruption of LockBit, offering to cooperate with officials in exchange for returning LockBit to its primacy among other ransomware programs and stating, “give me the names of my enemies.”

A total of six people have been charged since the investigation into LockBit began in 2022. Mikhail Vasiliev, a dual Russian-Canadian citizen, was charged by a criminal complaint in November 2022 for his alleged involvement with LockBit. Vasiliev is in custody in Canada awaiting extradition.

In June 2023, another Russian national, Ruslan Magomedovich Astamirov, was charged in New Jersey district court for his alleged participation in the LockBit group. Astamirov is also in custody and awaiting trial.

The others charged in the LockBit attacks remain at large, including Mikhail Matveev, who used a number of ransomware variants to attack several victims including the Washington D.C. Metro Police Department, authorities said. There is another $10 million reward for information leading to Matveev’s capture.

Artur Sungatov and Ivan Kondratyev were also indicted in February 2024 for allegedly deploying LockBit ransomware against businesses across the U.S.

Victims were not named in the indictment unsealed Tuesday, but several ransomware attacks across New Jersey have targeted public institutions and private businesses.

The indictment lists at least seven victims in counties across New Jersey including law enforcement entities in Passaic and Monmouth Counties, a municipality in Burlington County, a municipal utilities operator in Gloucester County, a school district in Somerset County, a business in Essex County and a health care system in Union County.

The U.S. Attorney’s Office declined to share any details on who the victims in these cases were, but ransomware attacks in recent months have been debilitating around the state.

Hackensack Meridian Mountainside Medical Center and Pascack Valley Medical Center were affected by an extensive, multi-state ransomware attack on Ardent Health Services last fall that forced ambulances to reroute to other hospitals as systems were shut down for five days.

The Bridgewater Raritan school district was also a target of ransomware attacks in December 2022, as was the Freehold school district, which was hit earlier this year while LockBit was operating.

It is unclear if these attacks were connected to LockBit.


Matthew Enuco may be reached at [email protected]. Follow Matt on X.
