US and allies accuse Russian man of running massive ransomware gang

May 7, 2024, 2:05 PM

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and over...

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and overseeing operations for a crime group known as LockBit that has been described by experts as the most prolific ransomware gang in the world. (US Department of the Treasury via CNN Newsource)

(US Department of the Treasury via CNN Newsource)

(CNN) — US, UK and Australian authorities on Tuesday announced sanctions and criminal charges against a 31-year-old Russian man for being the alleged mastermind of a cybercriminal group that has extorted $500 million in ransom payments from thousands of victim organizations in the US and worldwide.

Dmitry Yuryevich Khoroshev is accused of developing malicious software, recruiting hackers and overseeing operations for a crime group known as LockBit that has been described by experts as the most prolific ransomware gang in the world.

The group’s victims included hospitals, schools and law enforcement agencies, and the hackers caused “broader losses and damage of billions of dollars,” according to an indictment unsealed in the District of New Jersey. People affiliated with LockBit claimed credit for a November ransomware attack that forced New Jersey-based Capital Health to cancel some patient appointments, and for ransomware attacks on the Industrial and Commercial Bank of China and Fulton County.

Khoroshev “personally pocketed $100 million,” or a fifth of LockBit’s extortion fees, Philip Sellinger, the US attorney for the district of New Jersey, said in a statement.

Khoroshev is charged with conspiracy to commit fraud, extortion and wire fraud, among other crimes. CNN has attempted to contact him for comment.

US officials did not identify where Khoroshev is located, but the State Department is offering a $10 million reward for information leading to his arrest. Russia “continues to offer safe harbor for cybercriminals,” the Treasury Department said in a statement on Tuesday. Moscow has denied the allegation.

President Joe Biden in 2021 exhorted Russian President Vladimir Putin to crack down on ransomware gangs that were attacking US infrastructure from Russian soil. But any faint hopes of substantive cooperation between Washington and Moscow on cybercrime dimmed with Russia’s full-scale invasion of Ukraine the following year.

Despite the law enforcement crackdowns, ransomware continues to take a toll on US businesses, government agencies and schools of various sizes. A ransomware attack over the weekend on computer systems in the city of Wichita, Kansas, disrupted residents’ access to water bills online and caused departure and arrival screens at the airport to malfunction.

Khoroshev’s indictment is the latest twist in a months-long duel in which law enforcement agencies have seized computer servers used by LockBit, and the hackers have claimed to move to other infrastructure.

The FBI and UK National Crime Agency (NCA) in February said they had developed software that could let “hundreds” of victims worldwide decrypt computers locked by the hackers. The hackers have tried to downplay the damage to their operations, but the sustained efforts to disrupt LockBit appear to be having an impact.

‘Imposing cognitive fear’

The LockBit case is notable because US and European law enforcement officials are using the hackers’ psychological tactics against them in one of the more aggressive public efforts to sow distrust among cybercriminal groups.

Ransomware groups, including LockBit, use a ticking clock on the websites where they extort victims. If they aren’t paid in cryptocurrency by the time the clock runs out, the hackers leak data stolen from the victims.

In this case, the FBI, NCA and other law enforcement agencies have used LockBit’s own websites to taunt its members and set up a countdown clock promising to reveal LockBit’s ringleader.

“Imposing cognitive fear in their life was something that we really focused on,” Tim Court, a senior NCA official involved in the LockBit case, said last month at an event hosted by the Institute for Security and Technology.

“These are individuals in a criminal enterprise who are not tested,” Court said. The LockBit members, he argued, were not “ideologically motivated to withstand immense pressure. They’ve hidden behind the screen, they’re often anonymous and they’re making a lot of money.”

Court said that the operation to infiltrate LockBit’s operations lasted two years.

The NCA so thoroughly compromised the LockBit’s infrastructure that they were able to access the hackers’ latest version of ransomware that they were preparing to release, according to Jon DiMaggio, chief security strategist at cybersecurity firm Analyst1 who has closely studied LockBit.

KSL 5 TV Live


Kouri Richins talks with her lawyers in court....

Devin Oldroyd, KSL NewsRadio

Kouri Richins defense team asks for prosecution to be dismissed

Kouri Richins’ defense team is asking that the prosecution be dismissed, alleging that prosecutors violated her Sixth Amendment rights.

13 hours ago

FILE - In this image taken from San Francisco Police Department body-camera video, the husband of f...

Olga R. Rodriguez, Associated Press

Man gets 30 years in prison for attacking ex-Speaker Nancy Pelosi’s husband with a hammer

A man has been sentenced to 30 years in prison for attacking the husband of then-House Speaker Nancy Pelosi with a hammer.

13 hours ago

TOKYO, JAPAN - OCTOBER 13: A police officer stands at the entrance to the Embassy of Israel on Octo...

Associated Press

As Japan’s yakuza weakens, police focus shifts to unorganized crime hired via social media

Police in Japan who were busy tracking thousands of yakuza members just a few years ago have set their eyes on a new threat: unorganized and loosely connected groups.

13 hours ago

RCMP Superintendent serious crimes branch David Hall speaks about Alberta RCMP linking four histori...

Rob Gillies, Associated Press

Dead US serial sex offender linked to 4 slain Canadian young women

Canadian police say they have linked the deaths of four young women nearly 50 years ago to a now deceased U.S. fugitive who hid in Canada from the mid 1970s to the late 1990s.

15 hours ago

Handcuffs in a jail cell. (Ravell Call/Deseret News)...

Michael Houck

Three people attempted to kidnap child with one posing a social worker, police report.

Three people planned to kidnap a child, claiming the father did not have legal custody of them, Vernal police say.

15 hours ago

Photo of Nile Thacker, a tiny tim's toymaker killed in a crash earlier this year....

Emily Ashcraft,

Jury finds man guilty of fatal DUI crash that killed toymaker

A man was convicted on Friday of causing a crash that killed a volunteer toymaker while driving under the influence.

17 hours ago

Sponsored Articles

Electrician repairing ceiling fan with lamps indoors...

Lighting Design

Stay cool this summer with ceiling fans

When used correctly, ceiling fans help circulate cool and warm air. They can also help you save on utilities.

Side view at diverse group of children sitting in row at school classroom and using laptops...

PC Laptops

5 Internet Safety Tips for Kids

Read these tips about internet safety for kids so that your children can use this tool for learning and discovery in positive ways.

Women hold card for scanning key card to access Photocopier Security system concept...

Les Olson

Why Printer Security Should Be Top of Mind for Your Business

Connected printers have vulnerable endpoints that are an easy target for cyber thieves. Protect your business with these tips.

Modern chandelier hanging from a white slanted ceiling with windows in the backgruond...

Lighting Design

Light Up Your Home With These Top Lighting Trends for 2024

Check out the latest lighting design trends for 2024 and tips on how you can incorporate them into your home.

Technician woman fixing hardware of desktop computer. Close up....

PC Laptops

Tips for Hassle-Free Computer Repairs

Experiencing a glitch in your computer can be frustrating, but with these tips you can have your computer repaired without the stress.

Close up of finger on keyboard button with number 11 logo...

PC Laptops

7 Reasons Why You Should Upgrade Your Laptop to Windows 11

Explore the benefits of upgrading to Windows 11 for a smoother, more secure, and feature-packed computing experience.

US and allies accuse Russian man of running massive ransomware gang