LockBit leader unmasked

The leader of ransomware group LockBit has been unmasked and sanctioned by the UK, US and Australia.

The National Crime Agency-led campaign has identified Russian national Dmitry Khoroshev (pictured) as the administrator and developer of the cybercrime group, who will now be subject to a series of asset freezes and travel bans.

Khoroshev, also known as LockBitSupp, relished his anonymity and was so confident in it that he once offered a $10 million reward to anyone who could uncover his identity.

However, weaknesses in the group’s own security were revealed earlier this year when LockBit was taken down for a short while by several international government agencies working together, in a campaign known as Operation Cronos.

At the time, the administrator (now known to be Khoroshev) stated in a letter that its members had become  “lazy” at patching their own infrastructure after stealing enough money to live a luxurious lifestyle.

LockBit typically recruits members worldwide to disrupt organisations’ IT infrastructure and withhold their data in return for a ransom payment.

LockBit’s victims include Boeing, the Royal Mail, the Ministry of Defence, and the Bank of America.

Who is behind LockBit?

According to cyber security firm WithSecure, LockBit was responsible for almost a fifth of all ransomware breaches last year.

Don Smith, VP, of cyber security firm’s SecureWorks Counter Threat Unit added that, since Operation Cronos took disruptive action, the cybergang has been battling to reassert its dominance and, most importantly, its credibility within the cyber criminal community.

He added: “Today’s unmasking of Dmitry Khoroshev aka LockBitSupp, demonstrates the ability of law enforcement to deny cybercriminals the safety blanket of anonymity and place them at risk of arrest and prosecution if they travel out with their home country.”

Naming and shaming is a relatively new tactic that is being used by governments to quash criminal cyber gangs.

Last year the UK and US governments decided enough was enough and took the rare step of naming seven members of Conti and Trickbot gangs, publishing their real-world names, dates of birth, email addresses and photos.

Other sanctions taken by the UK have included freezing individuals’ assets and imposing travel bans.

The long-term unmasking of cybergangs remains unclear, but as a tactic it certainly makes it harder for groups to reform under a different guise or join other gangs.