The U.S. Justice Department has indicted Russian national Dmitry Yuryevich Khoroshev, also known under the aliases “LockBitSupp” and “LockBit,” for his central role in the creation and operation of the notorious LockBit ransomware. Since its inception in September 2019, LockBit has evolved into one of the most destructive ransomware variants, impacting over 2,500 victims across 120 countries and causing widespread financial havoc.
The Case Background

U.S. Attorney General Merrick B. Garland highlighted the extensive nature of LockBit’s operations, noting that the group had extracted over $100 million in direct ransom payments from its victims. The cumulative financial damage, factoring in incident responses and lost revenue, runs into billions of dollars. These victims span a broad spectrum, including individuals, multinational corporations, and critical sectors such as healthcare and education.
Khoroshev’s indictment by a federal grand jury in New Jersey includes a multitude of charges, including conspiracy to commit computer fraud, wire fraud, and multiple counts related to extortion and intentional damage to protected computers. The indictment reflects an aggressive stance taken by U.S. authorities in collaboration with international law enforcement, including the U.K.’s National Crime Agency, to dismantle the operations of the LockBit group.
In February, a coordinated operation led to the seizure of critical LockBit infrastructure, significantly disrupting the group’s ability to launch new attacks. This operation also revealed Khoroshev’s attempts to negotiate with law enforcement, offering to expose competitors in return for leniency—a fact that underscores the desperation and disarray within LockBit following the crackdown.
The indictment also highlights LockBit’s “ransomware-as-a-service” model. Khoroshev allegedly developed the ransomware code and recruited affiliates to deploy it against targets. He purportedly retained a 20% cut from the ransom payments collected, amassing around $100 million in cryptocurrencies.
The LockBit Investigation
The indictment of Khoroshev is part of a broader crackdown on LockBit, which has seen multiple affiliates charged and some already in custody awaiting trial. With the indictment against Khoroshev, a total of six LockBit members have now been charged for their participation in the LockBit conspiracy:
- In February 2024, an indictment was unsealed charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims throughout the U.S., including businesses nationwide in the manufacturing and other industries.
- In June 2023, a criminal complaint was filed against Russian national Ruslan Magomedovich Astamirov in connection with his participation in the LockBit group. Astamirov is currently in custody awaiting trial.
- In May 2023, two indictments were unsealed charging Mikhail Matveev, also known as “Wazawaka,” “m1x,” “Boriselcin,” and “Uhodiransomwar,” with using different ransomware variants, including LockBit, to attack numerous victims throughout the U.S. Matveev is currently the subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program, with information accepted through the FBI tip website at tips.fbi.gov.
- Finally, in November 2022, a criminal complaint was filed charging Mikhail Vasiliev in connection with his participation in the LockBit ransomware group. Vasiliev, a dual Russian-Canadian national, is currently in custody in Canada awaiting extradition to the United States.
The U.S. Department of State also announced today a reward of up to $10 million for information that leads to the apprehension of Khoroshev.
This aggressive legal and financial strategy underscores a global commitment to tackling cybercrime and is expected to serve as a deterrent to potential cybercriminals worldwide. The LockBit case is a landmark in illustrating the potential of international cooperation in combating the increasingly sophisticated world of cyber threats.