Russian LockBit leader unmasked by authorities

The admin behind the LockBit ransomware appears to be a 31-year-old Russian. Dmitry Yuryevich Khoroshev from Voronezh is said to have obtained the equivalent of $100 million from his criminal activities.

The FBI, the British NCA and Europol have confirmed the identity of the LockBit leader. Authorities describe Khoroshev as the “administrator and developer” of the ransomware group. In this role, he is known online as “LockBitSupp” and “putincrab.”

The identity of LockBit

LockBit’s Russian origins had long been established. However, the revelation makes it clearer than ever who pulled the strings at LockBit. The ransomware group grew to become the most successful cybercriminal organization in the world, but was infiltrated and partially shut down by authorities earlier this year. In February, an international coalition including Europol, European police forces and colleagues from the U.S., Canada, Japan and Australia managed to take down the leak site. Servers were also seized and 305GB of stolen corporate data was secured.

Since then, LockBit has seemed to rebound somewhat. In the meantime, other cybercriminals are taking advantage of the previously leaked LockBit source code, and multiple copycats are active.

Sanctions and unmasking, but no more

Unmasking Khoroshev is a major victory for the security agencies involved. The sanctions may also curtail the LockBit leader’s financial freedom. Nevertheless, given his location, the Russian remains out of the authorities' reach, so further consequences are not expected.

Authorities note that LockBit criminals are still carrying out attacks. In several cases, decryptors were found to fail after a ransom was paid, leaving affected organizations without both their data and a hefty sum of money. Therefore, the U.K. National Crime Agency stresses that the criminals obviously cannot be trusted.