Global Law Enforcement Actions Against LockBit Ransomware Admin

On May 7, 2024, a coordinated effort by international law enforcement agencies led to significant legal actions against Dmitry Yuryevich Khoroshev, the administrator of the LockBit ransomware operation. A Russian national from Voronezh, 31-year-old Khoroshev, also known under the pseudonyms ‘LockBitSupp’ and ‘putinkrab’, has been implicated in generating substantial revenue estimated at $100 million through cybercriminal activities. The legal measures were announced by the FBI, the UK’s National Crime Agency (NCA), and Europol, marking a critical point in the fight against global cybercrime.

Legal and Financial Sanctions

The sanctions include asset freezes and travel bans administered by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), alongside similar measures from the UK’s Foreign, Commonwealth and Development Office (FCDO), and the Australian Department of Foreign Affairs. These sanctions are designed to disrupt the financial operations of ransomware groups by making it risky and potentially illegal for companies to comply with ransom demands, thereby curtailing the group’s funding.

Incentives for Information

In an effort to capture Khoroshev, the US government has offered a $10 million reward for any information leading to his arrest or conviction. This is part of the broader Rewards for Justice program, aimed at incentivizing individuals to cooperate with law enforcement in tracking down cybercriminals.

Operation Cronos: A Turning Point

The announcement also highlighted the success of ‘Operation Cronos’, a law enforcement initiative that targeted the infrastructure of LockBit. This operation led to the seizure of 34 servers and facilitated the recovery of an additional 1,500 decryption keys on top of the 1,000 initially stated. These keys have been crucial in assisting victims to regain access to their data without paying the ransom.

The Structure and Scope of LockBit

Initiated in September 2019 under the name ‘ABCD’, LockBit quickly evolved into a sophisticated ransomware-as-a-service (RaaS) operation. By designing an infrastructure that supported encryption, negotiation, and data leak sites, and by recruiting affiliates responsible for executing the attacks, LockBit became a prominent name in cybercrime. Though Khoroshev initially claimed to operate from China, his real identity as a Russian national underscores the often deceptive tactics used by cybercriminals.

Impact and Response

Since its inception, LockBit is estimated to have conducted over 7,000 attacks globally, heavily impacting countries like the US, UK, France, Germany, and China. The recent law enforcement actions have significantly weakened the operation, reducing the number of active members and affiliates from 194 to 69 as trust within the network eroded.

Future Implications

While the current actions have dealt a substantial blow to LockBit, the history of ransomware suggests that this may not be the end. Cybercriminals often rebrand and reform under new names, continuing their disruptive activities. Therefore, continuous vigilance and international cooperation remain essential to combat these evolving threats.

By taking decisive action against figures like Khoroshev, global authorities not only disrupt current operations but also set a precedent for handling international cybercrime, emphasizing the importance of collaboration in these efforts.

How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
