May 08, 2024 16:00:00

Sanctions imposed after Russian leader of ransomware group 'LockBit,' believed to be mastermind of Nagoya Port cyber attack, identified

An indictment has been issued against a Russian man who is said to be the leader of the ransomware group 'LockBit' for his involvement in creating and developing ransomware used around the world. The United States, the United Kingdom, and Australia have imposed sanctions such as travel bans and asset freezes, and it has been announced that a reward of up to $10 million (approximately 1.55 billion yen) will be offered for information leading to his arrest.

Office of Public Affairs | US Charges Russian National with Developing and Operating LockBit Ransomware | United States Department of Justice

https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware

LockBit leader unmasked and sanctioned - National Crime Agency
https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned

LockBit provides hackers and fellow actors with 'ransomware as a service (RaaS),' providing them with the tools and infrastructure to carry out attacks. It is alleged that it has effectively supported attacks against government organizations and private companies in various countries. LockBit is also suspected of being behind the cyber attack against the Port of Nagoya in July 2023.

Nagoya Port container terminal resumes operations after two days of suspension due to ransomware attack, first time in Japan that port facility operations have been halted due to cyberattack - GIGAZINE

In order to prevent such activities, an international law enforcement force called 'Operation Kronos,' which includes judicial authorities from about 10 countries including the United States, the United Kingdom, and Japan, was launched, and in February 2024, it succeeded in seizing 11,000 domains related to LockBit. Two operators were arrested, and a complex tool developed by the Japanese National Police Agency (PDF file) was made public to the world through Europol (European Criminal Police Organization).

International law enforcement forces arrest two LockBit operators suspected of attacking Nagoya Port and create a tool to recover encrypted files for free - GIGAZINE

Operation Kronos gathered intelligence on LockBit's leader, identifying him as 31-year-old Russian resident Dimitry Yuryevich Khoroshev, against whom the United States and the United Kingdom have filed indictments.

Khoroshev is alleged to have designed LockBit to operate under the RaaS model, and is suspected of having acted as a developer and administrator for LockBit, recruiting other LockBit members, known as 'affiliates,' and maintaining infrastructure, known as the 'control panel,' to provide the tools necessary to deploy LockBit. Khoroshev is also suspected of managing a website, known as the 'data leak site,' which published data stolen from victims who refused to pay the ransom.

The US Department of Justice said, 'Khoroshev invented and developed LockBit, the world's most widely identified ransomware, and organized a group of the same name to cause damage to thousands of victims around the world,' and that he believes he pocketed at least $100 million (approximately 15.5 billion yen). The UK National Crime Agency said, 'These sanctions are very significant and show that cybercriminals like Khoroshev who are wreaking havoc around the world have nowhere to hide.'