The alleged kingpin of the notorious LockBit hacking syndicate has been charged by the U.S. Department of Justice DoJ) with orchestrating thousands of cybercrimes worldwide that brought the crew hundreds of millions of dollars.
Dimitry Yuryevich Khoroshev, (aka LockbitSupp) a Russian national, has been designated by a federal grand jury for the District of New Jersey with creating, developing and administering what is widely believed to be among the most prolific cyber attackers in the world.
A total of 26 charges have been bought against Khoroshev, including conspiracy to commit fraud, wire fraud, and extortion. The charges carry a maximum penalty of 185 years in prison. Each of the 26 counts in the indictment also carries a maximum fine of roughly $250,000.
The U.S. State Department is dangling a reward under the Transnational Organized Crime Rewards Program (TOCRP) of up to $10 million for “information leading to the arrest and/or conviction” of Khoroshev for “participating in, conspiring to participate in or attempting to participate in transnational organized cybercrime as a leader of the LockBit ransomware group.”
2,500 Ransomware Attacks Worldwide
Khoroshev's reign is said to be running from 2019 through May 2024, a period in which the hacking crew was allegedly responsible for 1,800 attacks in the U.S. and 2,500 worldwide, according to the U.S. Treasury Department.
Since January 2020, affiliates using LockBit have attacked “individuals, small businesses, multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies,” DoJ said.
Those attacks generated at least $500 million in ransom payments from victims, with at least $100 million of that going to Khoroshev personally, the agency said.
“Khoroshev and his affiliate co-conspirators, grew LockBit into what was, at times, the most active and destructive ransomware variant in the world,” DoJ said.
Khoroshev allegedly developed the ransomware-as-a-service model, arranged for the design of the LockBit ransomware code, recruited affiliates and maintained the LockBit online software dashboard to provide affiliates with the tools to deploy LockBit. Khoroshev also maintained LockBit’s data leak site to extort victims by posting their stolen data if they refused to pay a ransom.
The indictment against Khoroshev comes in the wake of a recent action against LockBit in February 2024 by the U.K. National Crime Agency’s (NCA) Cyber Division, the DoJ, FBI and other international law enforcement agencies. Authorities seized public-facing websites used by LockBit to connect to the organization’s infrastructure and took control of servers used by LockBit administrators, officials said.
List of LockBit Suspects Grows
Six LockBit members have now been charged:
- February 2024 — Russian nationals Artur Sungatov and Ivan Kondratyev, aka Bassterlord, were charged with deploying LockBit against numerous victims throughout the U.S.
- June 2023 — Ruslan Magomedovich Astamirov, a Russian national, was charged with participating in the LockBit group.
- May 2023 — Mikhail Matveev, aka “Wazawaka,” “m1x,” “Boriselcin,” and “Uhodiransomwar,” was charged with using different ransomware variants, including LockBit, to attack numerous victims throughout the U.S., including the Washington, D.C. Metropolitan Police Department.
- November 2022 — Mikhail Vasiliev, a dual Russian/Canadian national, was charged with participating in the LockBit ransomware group.’
Astamirov is currently in custody awaiting trial. Matveev is the subject of a reward of up to $10 million through the TOCRP. Vasiliev is in custody in Canada awaiting extradition to the U.S.