As a researcher with extensive experience in cybersecurity and digital forensics, I find the case of Dmitry Khoroshev, the alleged mastermind behind the LockBit ransomware gang, to be both intriguing and disturbing. The sheer scale of the damage caused by this criminal enterprise is astounding – between 2019 and early this year, LockBit attacked approximately 2,500 victims worldwide, extorting an estimated $500 million in ransom payments.


The United States government has identified Russian citizen Dmitry Khoroshev as the head of the infamous LockBit ransomware group and is offering a $10 million reward for any information that results in his capture.

A detailed 26-count indictment was made public on Tuesday, with prosecutors alleging that Khoroshev, aged 31, played a pivotal role in creating, marketing, and managing the LockBit ransomware. He reportedly recruited individuals from cybercriminal forums to execute the attacks and kept a 20% share of their earnings once ransoms were paid, typically in Bitcoin (BTC).

As a crypto investor following the ransomware scene, I’ve observed LockBit’s rapid rise since its debut in 2019. This malicious software quickly gained notoriety, with a vast network of affiliates launching attacks against an estimated 2,500 victims worldwide. Nearly 1,800 of those victims were based in the United States. Prosecutors allege that during this period, LockBit extorted approximately $500 million in ransom payments from its victims.

As a researcher examining the indictment, I’ve discovered that Khoroshev allegedly obtained $100 million in bitcoin payments from LockBit’s illegal activities throughout its tenure. U.S. authorities are aiming to seize these unlawfully acquired assets as part of their investigation.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Khoroshev, prohibiting any U.S. citizens from engaging in financial transactions with him. This includes individuals who might become victims of a LockBit ransomware attack. One of Khoroshev’s Bitcoin addresses was added to OFAC’s “Specially Designated Nationals” list, although it doesn’t seem that significant amounts of Bitcoin have been linked to this address in the past.

Khoroshev is still at large, as stated in an interview with The Record in March. He reportedly continues to manage the LockBit ransomware group.

As a forensic analyst examining the LockBit cybercrime group, I’ve uncovered that five of its members, including a Russian-Canadian dual national named Mikhail Vasiliev, have been indicted for their involvement in this illegal operation. Among them, at least one individual, Mikhail, has already received a prison sentence.

Khoroshev faces one count of conspiracy to commit fraud, extortion, and related computer offenses. He is also accused of conspiring to commit wire fraud. In addition, he faces eight counts of intentionally damaging a protected computer, eight counts of extortion involving information unlawfully obtained from a protected computer, and eight counts of extortion while damaging a protected computer.

He faces a maximum of 185 years in prison.


2024-05-07 20:13