The UK’s National Crime Agency (NCA) announced a major breakthrough today in investigating the notorious LockBit ransomware gang.
LockBit, a ransomware-as-a-service (RaaS) operation, has been responsible for numerous high-profile cyberattacks since its emergence in 2019.
The group is known for its malicious software that encrypts victims’ data and demands ransom for decryption keys. Over the years, LockBit has targeted a wide range of sectors globally, including healthcare, education, and government, causing extensive financial and operational damage.
After infiltrating LockBit’s network and seizing control of their infrastructure, the NCA revealed they had identified the group’s leader, known by the online alias “LockBitSupp.”
Dmitry Khoroshev, also known by his online alias “LockBitSupp,” has been a shadowy figure in the cyber underworld, orchestrating one of the most harmful cybercrime operations in recent history.
Under Khoroshev’s leadership, the LockBit ransomware group has been responsible for a series of high-profile attacks, causing significant financial and operational damage to numerous organizations worldwide.
For years, LockBitSupp’s real identity remained a mystery as he carefully concealed his name and location while communicating on cybercrime forums.
However, in a statement, NCA Director General Graeme Biggar said they now know where LockBitSupp lives, his net worth, and that he has “engaged with law enforcement” in the past.
The NCA’s infiltration dealt a crippling blow to LockBit’s criminal enterprise. In the last 4 years, LockBit has been one of the most prolific ransomware gangs, responsible for 44% of all global ransomware incidents in early 2023.
Their attacks impacted thousands of victims worldwide, including approximately 1,700 in the US alone, extorting over $91 million in ransom payments.
As part of the takedown, codenamed Operation Cronos, the NCA seized LockBit’s source code, decryption keys, and a trove of data from the gang’s servers, which is now being used to further expose its operations and affiliates.
The NCA has taken over LockBit’s dark web leak site to post daily updates with this intelligence.
Recent investigations have revealed that the head of the notorious LockBit ransomware group had been using an email account hosted on Apple’s iCloud service.
While the NCA has not yet publicly named LockBitSupp, their ability to gather personal details on the once-anonymous criminal mastermind sends a powerful message. “Our work does not stop here,” Biggar warned, vowing further action against LockBit and its affiliates.
The NCA’s breakthrough, assisted by the FBI and law enforcement from 9 other countries, marks a significant victory in the ongoing battle against the global ransomware epidemic.
In addition to the sanctions, the US has unsealed an indictment against Khoroshev and is offering a reward of up to $10 million for information leading to his arrest and/or conviction.
However, with LockBit’s affiliates still at large, organizations worldwide must remain vigilant in securing their networks against the ever-evolving ransomware threat.
The fight against ransomware is far from over, but actions like these are vital steps forward in securing cyberspace for all.