The alleged leader of Rockbit, once the world’s largest ransomware organization, has been named as Russian national Dmitry Khoroshev by the UK’s National Crime Agency (NCA) following the seizure of the criminal organization’s infrastructure.
Holoshev, who lived his online life under the name LockBitSupp, authorized Reported by the UK, US and Australia as a result of unmasking.
He was so confident of his anonymity that he once offered a $10 million (£8 million) reward to anyone who could reveal their identity. The US government is currently offering a reward of up to $10 million to anyone who can share information leading to his arrest or conviction.
LockBit is considered one of the most dangerous ransomware groups in the world, and its high-profile victims have included delivery company Royal Mail and aerospace company Boeing.
In February, Rockvit’s entire “command and control” equipment was seized by law enforcement after a joint international operation.
Graham Biggar, head of the National Crime Agency, said: “These sanctions are extremely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc around the world. ” he said. He was sure he could remain anonymous, but he was wrong.
“We know that previous efforts to destroy Rockbit have been highly successful in reducing their capabilities and credibility among the criminal community. The result was a far less influential and far less sophisticated company.”
“Cybercriminals think they are untouchable and hide behind anonymous accounts to extort money from their victims,” said Tom Tugendhat, the UK’s security minister.
“By exposing one of Rockbit’s leaders, we are sending a clear message to these ruthless criminals. You cannot hide. You will face justice.”
However, Mr. Khoroshev, who is believed to be residing in Russia, is likely to remain a fugitive for some time. The Russian state has never formally extradited any cybercriminals, and a freeze on relations following the full-scale invasion of Ukraine in 2022 has almost completely halted domestic enforcement efforts.
After newsletter promotion
However, NCA and its international partners are commercially attacking LockBit by publishing harmful information obtained from the group’s own servers. The criminal organization operated on an “affiliate” basis, charging fees to allow others to use its tools to perform hacks.
However, the NCA says its data shows that despite having paid thousands of dollars to become members and facing criminal charges for their hacking activities, more than half of the merchants it was able to identify have made no money from their criminal activities. He said this shows that no payments have been made.
The NCA also announced that the group had broken its promise to victims to delete stolen data if they paid a ransom, as information that appeared to have been deleted was discovered on the group’s servers.
