61° and Partly Cloudy
U.S. Indicts Russian National for Operating LockBit Ransomware, Offers $10M Reward
Dmitry Yuryevich Khoroshev Alleged Mastermind Behind Prolific Cyber Extortion Campaign
The U.S. Attorney’s Office for the District of New Jersey, in collaboration with the U.S. Justice Department, unveiled charges today against Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, for his alleged pivotal role in creating and operating the LockBit ransomware. This software has wreaked havoc globally since its inception in September 2019. Khoroshev, who operated under aliases including “LockBitSupp” and “putinkrab,” faces a 26-count indictment, which could lead to a maximum sentence of 185 years if convicted on all counts.
“Dmitry Khoroshev conceived, developed, and administered Lockbit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe. He thought he could do so hidden by his notorious moniker ‘LockBitSupp,’ anonymous and free of any consequence, while he personally pocketed $100 million extorted from Lockbit’s victims," said U.S. Attorney Philip R. Sellinger.
LockBit has been identified as one of the most aggressive and destructive ransomware variants, having targeted over 2,500 entities across 120 countries, including 1,800 in the United States alone. Its victims span a wide range of sectors such as healthcare, education, government, and critical infrastructure, extracting an estimated $500 million in ransom payments and causing billions in broader economic damages.
The indictment details how Khoroshev and his co-conspirators engineered LockBit to function as a “ransomware-as-a-service” (RaaS) operation. This model allowed them to recruit affiliates who deployed the ransomware, while Khoroshev maintained critical infrastructure such as the control panel and data leak sites. Despite disruptions to LockBit by international law enforcement in February 2024, Khoroshev allegedly continued to manage and profit from the ransomware’s operations.
In conjunction with the charges, the U.S. Department of the Treasury has sanctioned Khoroshev, and the U.S. Department of State has announced a reward of up to $10 million for information leading to his capture. This is part of a broader strategy to combat cybercrime, which also includes developing decryption tools to aid victims affected by LockBit.
The global response underscores the severity of the threat posed by LockBit, with actions against Khoroshev also being taken by authorities in the United Kingdom and Australia. Victims of LockBit are encouraged to report to the FBI to assist in recovery efforts and potentially benefit from newly developed decryption capabilities.
This indictment serves as a reminder of the ongoing challenges in cyber security and the international efforts required to combat sophisticated digital threats.
