Russian criminal behind LockBit attack: details of the operation and consequences

Russian Cybercriminal Behind LockBit Ransomware Operation

A joint operation conducted by the FBI, the UK National Crime Agency, and Europol has revealed details about the LockBit ransomware operation and the identity of the Russian criminal responsible for its administration. This is a significant step in the fight against cybercrime that could contribute to enhancing cybersecurity.

LockBit: A Wide-Ranging Investigation Launches

According to a new indictment by the US Department of Justice and a statement from the NCA, the LockBit ransomware operation is orchestrated by a Russian citizen named Dmitry Yuryevich Khoroshev. This marks the first time that the identity of a perpetrator of such attacks has been publicly disclosed.

US Sanctions and Rewards

Following this disclosure, sanctions have been announced against the administrator and developer of LockBit, including asset freezes and travel bans. Additionally, the US is offering a reward of $10 million for information leading to the arrest and/or conviction of LockBit’s operator under the Rewards for Justice program.

These sanctions aim to curb criminal activities and may significantly disrupt LockBit operations. Payment of ransom may violate the sanctions and expose companies to government penalties, which could deter potential victims from paying ransoms in the future.

Implications for Ransomware Operations

Similar sanctions in the past have led some ransomware negotiators to cease assisting in ransom payments for companies subject to sanctions. This means that the current actions may limit LockBit’s ability to extort ransom from victims.

Effects of the Operation

It has also been announced that intelligence operations enabled the takeover of LockBit infrastructure, yielding more decryption keys than originally anticipated. In February, an international police operation named Operation Chronos led to the dismantling of 34 servers hosting data leak sites, enabling the recovery of decryption keys.

Assistance for Victims

Europol has revealed that up to 2500 decryption keys have been obtained, which continues to aid LockBit victims in recovering their files free of charge. These efforts constitute significant support for those affected by the attack and can help them return to normalcy after data loss.