The United States Department of the Treasury designated Dmitry Yuryevich Khoroshev, a leader of the Russia-based LockBit ransomware group, for his involvement in developing and distributing LockBit ransomware.
The action is a collaborative effort between the US and its allies, including the UK’s National Crime Agency and the Australian Federal Police.
In an effort to disrupt the ransomware ecosystem and hold people accountable for ransomware attacks, the Department of Justice has also indicted Khoroshev, and the Department of State is offering a reward for information leading to his arrest or conviction.
The US government is taking action against LockBit, a Russia-based cybercriminal group. The US disrupted LockBit’s infrastructure and sanctioned its affiliates as part of a long-term strategy to fight ransomware.
Additionally, the US is offering a reward for information that can lead to the arrest of a key LockBit member, Dmitry Yuryevich Khoroshev, which indicates the US is actively seeking to dismantle the LockBit ransomware operation.
LOCKBIT: ONE OF THE MOST PROLIFIC RANSOMWARE GROUPS IN THE WORLD
LockBit, a prolific ransomware group, operates a Ransomware-as-a-Service (RaaS) model: it licenses its malware to affiliates, who launch attacks and extort victims. The group maintains the ransomware, sells access to affiliates, and splits ransom profits.
This model enables a global reach, with affiliates targeting critical infrastructure like healthcare and finance. To maximize pressure, LockBit utilizes double extortion tactics, stealing victim data before encryption and threatening release.
According to the U.S. Department of the Treasury, Dmitry Yuryevich Khoroshev, a leader of the LockBit ransomware gang, was identified as the main operator behind the alias “LockBitSupp.”
Khoroshev is responsible for developing and managing the LockBit ransomware infrastructure, including recruiting new developers and maintaining operations after disruptions by authorities. The OFAC designation aims to hinder LockBit’s financial activities and disrupt its cyber operations.
OFAC sanctions freeze the assets of designated individuals and entities and prohibit US persons, and transactions within the US, from dealing with them. The aim is to pressure targets to change their behavior.
Violations can lead to further sanctions. OFAC also offers a path for removal from the sanctions list if the targets meet specific criteria. To mitigate sanctions risks from ransomware payments, OFAC advises victims to report attacks to the FBI and consult its Sanctions Compliance Guidance for virtual currency.
Along with other government agencies, CISA provides technical support by describing the methods used by LockBit ransomware attackers and the vulnerabilities they exploit, including CVE-2023-4966 (Citrix Bleed). This helps organizations improve their cybersecurity and reduce the impact of future ransomware attacks.