US, UK, and Australian authorities announced sanctions and criminal charges against Dmitry Yuryevich Khoroshev, a 31-year-old Russian man accused of being the mastermind behind the cybercriminal group LockBit. This group has extorted $500 million in ransom payments from thousands of organizations worldwide, including hospitals, schools, and law enforcement agencies. Khoroshev is charged with conspiracy to commit fraud, extortion, and wire fraud, among other crimes. He reportedly personally pocketed $100 million, a fifth of LockBit’s extortion fees. The US State Department is offering a $10 million reward for information leading to his arrest.
Despite law enforcement crackdowns, ransomware attacks continue to impact US businesses, government agencies, and schools. The indictment of Khoroshev is the latest development in ongoing efforts to disrupt LockBit’s operations. The FBI and UK National Crime Agency have been working to undermine the group, developing software to help victims decrypt computers locked by the hackers. The sustained efforts to disrupt LockBit seem to be having an impact, even as the hackers have attempted to downplay the damage to their operations.
The LockBit case is significant as US and European law enforcement agencies are using the hackers’ tactics against them in an aggressive public effort to sow distrust among cybercriminal groups. Ransomware groups like LockBit often use psychological tactics, such as setting a ticking clock on websites where they extort victims. Failure to pay by the deadline results in the leaking of stolen data. In this case, law enforcement agencies have taken control of LockBit’s websites to taunt its members, setting up a countdown clock promising to reveal the group’s ringleader.
Tim Court, a senior NCA official involved in the LockBit case, highlighted the focus on imposing cognitive fear on the hackers to disrupt their operations. He emphasized that these individuals in criminal enterprises are often not ideologically motivated and are making money through anonymity. The operation to infiltrate LockBit’s operations lasted two years, with the NCA successfully compromising the group’s infrastructure to access the latest version of ransomware they were preparing to release. By using the hackers’ own tactics against them, law enforcement agencies are attempting to dismantle cybercriminal activity and disrupt their operations.
President Joe Biden has previously urged Russian President Vladimir Putin to crack down on ransomware gangs attacking US infrastructure from Russian soil. However, cooperation between the two countries on cybercrime has been strained following Russia’s invasion of Ukraine. Despite ongoing law enforcement efforts, ransomware attacks continue to target various organizations globally. The indictment of Khoroshev underscores the severity of cybercriminal activity and the challenges faced by authorities in addressing this threat. The use of technological and psychological tactics against ransomware groups highlights the evolving nature of cybercrime and law enforcement strategies to combat it.
