Identity of cybercrime gang leader revealed

Russian national Dmitry Khoroshev has been identified as the alleged leader of the cybercrime group LockBit.

As a result, the UK, US and Australia have imposed a series of asset freezes and travel bans against the group administrator.

Khoroshev had originally offered a £10m reward to anyone who could reveal his identity.

Sanctions were announced by the Foreign, Commonwealth and Development Office alongside the US Department of the Treasury’s Office of Foreign Assets Control and the Australian Department of Foreign Affairs.

The US has also unsealed an indictment against him and is offering a reward of up to $10m for information leading to his arrest and/or conviction.

The sanctions form part of the international investigation, named the Operation Cronos taskforce, into the LockBit group. 

The National Crime Agency (NCA) leads the operation, with support from the FBI and other international partners. 

In February, the NCA managed to infiltrate and take control of the group’s network, including its leak site on the dark web.

Data obtained from the network revealed that between June 2022 and February 2024, more than 7,000 attacks were built using their services, with the UK amongst the top five victims. 

Since the infiltration, the average number of monthly LockBit attacks in the UK has reduced by more than 70 per cent.

NCA director general Graeme Biggar said: “These sanctions are hugely significant and show that there is no hiding place for cybercriminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong.

“We know our work to disrupt LockBit thus far has been extremely successful in degrading their capability and credibility among the criminal community. The group’s attempt at rebuilding has resulted in a much less sophisticated enterprise with significantly reduced impact.

“Today’s announcement puts another huge nail in the LockBit coffin and our investigation into them continues. We are also now targeting affiliates who have used LockBit services to inflict devastating ransomware attacks on schools, hospitals and major companies around the world.

“Working with our international partners, we will use all the tools at our disposal to target other groups like LockBit, expose their leadership and undermine their operations to protect the public.”