CRIME

US and allies accuse Russian man of running massive ransomware gang

May 7, 2024, 2:05 PM

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and over...

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and overseeing operations for a crime group known as LockBit that has been described by experts as the most prolific ransomware gang in the world. (US Department of the Treasury via CNN Newsource)

(US Department of the Treasury via CNN Newsource)

(CNN) — US, UK and Australian authorities on Tuesday announced sanctions and criminal charges against a 31-year-old Russian man for being the alleged mastermind of a cybercriminal group that has extorted $500 million in ransom payments from thousands of victim organizations in the US and worldwide.

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and overseeing operations for a crime group known as LockBit that has been described by experts as the most prolific ransomware gang in the world.

The group’s victims included hospitals, schools and law enforcement agencies, and the hackers caused “broader losses and damage of billions of dollars,” according to an indictment unsealed in the District of New Jersey. People affiliated with LockBit claimed credit for a November ransomware attack that forced New Jersey-based Capital Health to cancel some patient appointments, and for ransomware attacks on the Industrial and Commercial Bank of China and Fulton County.

Khoroshev “personally pocketed $100 million,” or a fifth of LockBit’s extortion fees, Philip Sellinger, the US attorney for the district of New Jersey, said in a statement.

Khoroshev is charged with conspiracy to commit fraud, extortion and wire fraud, among other crimes. CNN has attempted to contact him for comment.

US officials did not identify where Khoroshev is located, but the State Department is offering a $10 million reward for information leading to his arrest. Russia “continues to offer safe harbor for cybercriminals,” the Treasury Department said in a statement on Tuesday. Moscow has denied the allegation.

President Joe Biden in 2021 exhorted Russian President Vladimir Putin to crack down on ransomware gangs that were attacking US infrastructure from Russian soil. But any faint hopes of substantive cooperation between Washington and Moscow on cybercrime dimmed with Russia’s full-scale invasion of Ukraine the following year.

Despite the law enforcement crackdowns, ransomware continues to take a toll on US businesses, government agencies and schools of various sizes. A ransomware attack over the weekend on computer systems in the city of Wichita, Kansas, disrupted residents’ access to water bills online and caused departure and arrival screens at the airport to malfunction.

Khoroshev’s indictment is the latest twist in a months-long duel in which law enforcement agencies have seized computer servers used by LockBit, and the hackers have claimed to move to other infrastructure.

The FBI and UK National Crime Agency (NCA) in February said they had developed software that could let “hundreds” of victims worldwide decrypt computers locked by the hackers. The hackers have tried to downplay the damage to their operations, but the sustained efforts to disrupt LockBit appear to be having an impact.

‘Imposing cognitive fear’

The LockBit case is notable because US and European law enforcement officials are using the hackers’ psychological tactics against them in one of the more aggressive public efforts to sow distrust among cybercriminal groups.

Ransomware groups, including LockBit, use a ticking clock on the websites where they extort victims. If they aren’t paid in cryptocurrency by the time the clock runs out, the hackers leak data stolen from the victims.

In this case, the FBI, NCA and other law enforcement agencies have used LockBit’s own websites to taunt its members and set up a countdown clock promising to reveal LockBit’s ringleader.

“Imposing cognitive fear in their life was something that we really focused on,” Tim Court, a senior NCA official involved in the LockBit case, said last month at an event hosted by the Institute for Security and Technology.

“These are individuals in a criminal enterprise who are not tested,” Court said. The LockBit members, he argued, were not “ideologically motivated to withstand immense pressure. They’ve hidden behind the screen, they’re often anonymous and they’re making a lot of money.”

Court said that the operation to infiltrate LockBit’s operations lasted two years.

The NCA so thoroughly compromised the LockBit’s infrastructure that they were able to access the hackers’ latest version of ransomware that they were preparing to release, according to Jon DiMaggio, chief security strategist at cybersecurity firm Analyst1 who has closely studied LockBit.

KSL 5 TV Live

Crime

A southern Utah man was charged with DUI and causing a crash taht killed two children i the car, ev...

Collin Leonard, KSL.com

Clearfield man who murdered grandparents sentenced to at least 30 years in prison

A Clearfield man who murdered his elderly grandparents in his family's garage in November 2022 could potentially spend the rest of his life in prison.

13 minutes ago

(KSL TV)...

Associated Press

Kansas cold case ends 44 years later as man is sentenced for killing his former neighbor in 1980

More than 44 years after a nursing student was slain in her trailer home in central Kansas, her former neighbor has been sentenced to 10 to 25 years in prison for killing her.

7 hours ago

emergency lights...

Kyle Remund, KSL News Radio

Woman in serious condition following Draper stabbing

A woman is in serious condition after a stabbing in Draper early Saturday morning.

21 hours ago

Crews load recovered copper into a truck after the Salt Lake County Sheriff's Office says it was st...

Collin Leonard, KSL.com

5 arrested, $147K in stolen copper from Kennecott recovered

Over 10,000 pounds of stolen copper was recovered Thursday as part of an investigation that began at the Rio Tinto Kennecott mine.

23 hours ago

Generic photo of a Provo Police car....

Mark Jones

Provo police investigating online threat aimed at school

Provo police are investigating a threat of violence aimed at Provo High School.

1 day ago

The gunman is led away from the King Soopers store by first responders. (KCNC via CNN Newsource)...

CNN

Witness testifies gunman said “This is fun!” while shooting people inside grocery store

Witness testimony continues as people inside a King Soopers store in Boulder took the stand and described what they saw and heard on March 22, 2021.

1 day ago

Sponsored Articles

Laptops in a modern technology store. Department of computers in the electronics store. Choosing a ...

PC Laptops

How to choose the best laptop for college students

Finding the right laptop for college students can be hard, but with this guide we break down what to look for so you can find the best one.

young male technician is repairing a printer at office...

Les Olson

Unraveling the dilemma between leasing and buying office technology

Carefully weigh these pros and cons to make an informed decision that best suits your business growth and day-to-day operation. 

A kitchen in a modern farmhouse....

Lighting Design

A room-by-room lighting guide for your home

Bookmark this room-by-room lighting guide whenever you decide to upgrade your lighting or style a new home.

Photo courtesy of Artists of Ballet West...

Ballet West

The rising demand for ballet tickets: why they’re harder to get

Ballet West’s box office is experiencing demand they’ve never seen before, leaving many interested patrons unable to secure tickets they want.

Electrician repairing ceiling fan with lamps indoors...

Lighting Design

Stay cool this summer with ceiling fans

When used correctly, ceiling fans help circulate cool and warm air. They can also help you save on utilities.

Side view at diverse group of children sitting in row at school classroom and using laptops...

PC Laptops

5 internet safety tips for kids

Read these tips about internet safety for kids so that your children can use this tool for learning and discovery in positive ways.

US and allies accuse Russian man of running massive ransomware gang