ARTICLE AD
The US Department of Justice (DOJ) has identified Russian national Dmitry Khoroshev as the mastermind behind the notorious LockBit ransomware gang and is offering a $10 million reward for information leading to his arrest.
In a 26-count criminal indictment unsealed Tuesday morning, prosecutors allege that Khoroshev, 31, developed, promoted, and oversaw the LockBit software, recruiting “affiliates” on cybercriminal forums who carried out the actual ransomware attacks. Affiliates would give Khoroshev a 20% cut of their earnings, typically paid in bitcoin (BTC), once a ransom was paid.
According to prosecutors, LockBit became one of the most prolific ransomware tools in the world between its inception in 2019 and the seizure of most of its infrastructure earlier this year. The gang’s network of affiliates attacked approximately 2,500 victims, 1,800 of which were in the US, and extorted an estimated $500 million in ransom payments.
The indictment states that Khoroshev received $100 million in bitcoin disbursements from LockBit’s activities over the course of its operation. US authorities are also seeking forfeiture of his ill-gotten gains.
In addition to the criminal charges, Khoroshev has been sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC), prohibiting all US persons, including future victims of a LockBit ransomware attack, from transacting with him.
One Bitcoin address associated with Khoroshev was added to the department’s “Specially Designated Nationals” list. Notably, search results indicate that this address only had two transactions, with the last transaction dated 2021.
However, law enforcement actions against LockBit are far from over. In February 2024, the National Crime Agency (NCA) and multinational law enforcement agencies, supported by private sector intelligence, carried out “Operation Cronos,” which dealt a significant blow to LockBit’s operations.
The operation resulted in the seizure of LockBit’s dark web sites, hacking infrastructure, source code, and cryptocurrency accounts, as well as the recovery of over 1,000 decryptor keys to help victims recover encrypted data. Two individuals were arrested, and sanctions were levied on Russian LockBit affiliates.
According to Chainalysis, they have identified hundreds of active wallets and 2,200 Bitcoin — worth nearly $110 million — in unspent LockBit ransomware proceeds that are yet to be laundered and transferred.
Despite the charges and sanctions, Khoroshev remains at large and, according to a March interview with The Record, continues to operate LockBit. Five other LockBit members have been charged with crimes for participating in the criminal operation, with at least one, dual Russian-Canadian national Mikhail Vasiliev, sentenced to prison.
Khoroshev faces a total of 26 charges, including conspiracy to commit fraud, extortion, wire fraud, intentional damage to protected computers, and extortion in relation to information unlawfully obtained from protected computers. If convicted, he could face a maximum of 185 years in prison.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.