{"id":3452,"date":"2024-05-07T10:30:23","date_gmt":"2024-05-07T15:30:23","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80370"},"modified":"2024-05-07T10:30:23","modified_gmt":"2024-05-07T15:30:23","slug":"us-uk-authorities-unmask-russian-national-as-lockbit-administrator","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/07\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator\/","title":{"rendered":"US, UK authorities unmask Russian national as LockBit administrator"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>US, UK authorities unmask Russian national as LockBit administrator | CyberScoop<\/title> <meta name=\"description\" content=\"Dmitry Yuryevich Khoroshev is the driving force behind one of the most virulent ransomware syndicates in recent years, authorities said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"US, UK authorities unmask Russian national as LockBit administrator\"> <meta property=\"og:description\" content=\"Dmitry Yuryevich Khoroshev is the driving force behind one of the most virulent ransomware syndicates in recent years, authorities said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-05-07T15:30:23+00:00\"> <meta 
property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1715102144g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1715023658g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1715025738g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80370\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" 
content=\"WordPress 6.5.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80370\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fus-uk-authorities-unmask-russian-national-as-lockbit-administrator%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fus-uk-authorities-unmask-russian-national-as-lockbit-administrator%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80370 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button 
class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.862527716186\">\n<div class=\"single-article__header-content\" readability=\"31.308333333333\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Dmitry Yuryevich Khoroshev is the driving force behind one of the most virulent ransomware syndicates in recent years, authorities said. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 
1013px) 100vw, 1013px\"><figcaption> A pedestrian walks past a seal reading &#8220;Department of Justice Federal Bureau of Investigation&#8221;, displayed on the J. Edgar Hoover FBI building, in Washington, DC, on August 15, 2022. (Photo by MANDEL NGAN \/ AFP) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.433068257124\"><body readability=\"84.178470919325\"><\/p>\n<p>The U.S. and British governments on Tuesday identified Dmitry Yuryevich Khoroshev as the leader, developer and administrator of the LockBit ransomware operation, one of the most prolific and profitable cybercriminal syndicates in recent years.<\/p>\n<p>Khoroshev, a Russian national, has been LockBit\u2019s main administrator and developer since at least September 2019 continuing through the present, U.S. federal prosecutors said in an <a href=\"https:\/\/www.justice.gov\/opa\/media\/1350921\/dl?inline\">indictment unsealed<\/a> Tuesday. 
Since its inception, LockBit has been used in attacks against more than 2,500 targets in at least 120 countries, leading to at least $500 million in ransom payments to Khoroshev and his affiliates and \u201cbillions of dollars in broader losses, such as revenue, incident response, and recovery,\u201d the <a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-charges-russian-national-developing-and-operating-lockbit-ransomware\">Department of Justice said<\/a> in a statement.<\/p>\n<p>Khoroshev is charged with one count of conspiracy to commit fraud, extortion and related activity in connection with computers, one count of conspiracy to commit wire fraud, eight counts of intentional damage to a protected computer, eight counts of extortion in relation to confidential information from a protected computer, and eight counts of extortion in relation to damage to a protected computer.<\/p>\n<p>The charges carry a maximum penalty of 185 years in prison, according to the DOJ.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Alongside the indictment, the <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2326\">U.S.<\/a>, <a href=\"https:\/\/nca-newsroom.prgloo.com\/news\/op-cronos\">British<\/a> and Australian governments announced sanctions against Khoroshev. The <a href=\"https:\/\/www.state.gov\/transnational-organized-crime-rewards-program-2\/lockbit-ransomware-administrator-dmitry-yuryevich-khoroshev\/\">U.S. State Department also announced a $10 million reward<\/a> for any information leading to his arrest and\/or conviction.<\/p>\n<p>\u201cAs part of our unrelenting efforts to dismantle ransomware groups and protect victims, the Justice Department has brought over two dozen criminal charges against the administrator of LockBit, one of the world\u2019s most dangerous ransomware organizations,\u201d Deputy Attorney General Lisa Monaco said in a statement. 
\u201cWorking with U.S. and international partners, we are using all our tools to hold ransomware actors accountable \u2014 and we continue to encourage victims to report cyberattacks to the FBI when they happen. Reporting an attack could make all the difference in preventing the next one.\u201d<\/p>\n<p>Tuesday\u2019s actions come a little more than two months after an international law enforcement operation <a href=\"https:\/\/cyberscoop.com\/fbi-operation-seizes-infrastructure-of-lockbit-ransomware-group\/\">seized parts of the LockBit infrastructure<\/a> as part of \u201cOperation Cronos.\u201d As part of that operation, the <a href=\"https:\/\/www.documentcloud.org\/documents\/24435142-sungatov_kondratyev\">U.S. government unsealed indictments<\/a> against two Russian nationals for their alleged roles in facilitating LockBit attacks: Artur Sungatov and Ivan Gennadievich Kondratyev (also known as \u201cBassterlord\u201d).&nbsp;<\/p>\n<p>After the February operation, authorities teased that they knew the identity of the main administrator \u2014 the actual person behind the \u201cLockBitSupp\u201d persona that communicates with journalists and others online, and used LockBit\u2019s website to share information about the operation.&nbsp;<\/p>\n<p>LockBitSupp <a href=\"https:\/\/cyberscoop.com\/lockbit-comeback-less-than-a-week-after-major-disruption\/\">reconstituted some of the infrastructure<\/a> after the disruption, and attempted to make it look like it was business as usual, even as observers said LockBit was reposting old victims and claiming they were new. 
The new site listed 44 new victims and 25 victim updates, according to the Secureworks Counter Threat Unit, the majority of which were genuinely new.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cSince Operation Cronos took disruptive action, LockBit has been battling to reassert its dominance and, most importantly, its credibility within the cybercriminal community,\u201d Secureworks Counter Threat Unit VP Don Smith said in an email to CyberScoop. \u201cThe psychological element of the action taken by law enforcement was extremely effective, the group\u2019s efforts to re-establish its previous reputation have not gone particularly well. Today\u2019s unmasking of Dmitry Khoroshev aka LockBit Supp, demonstrates the ability of law enforcement to deny cybercriminals the safety blanket of anonymity and place them at risk of arrest and prosecution if they travel out with their home country.\u201d<\/p>\n<p>The weekend prior to the announcement, authorities in control of LockBit\u2019s website hinted that more information about LockBitSupp\u2019s identity was coming. When asked about the authorities\u2019 looming announcement, LockBitSupp offered CyberScoop a simple reaction: \u201cI don\u2019t know,\u201d he said via online chat. 
\u201cI like it.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.0362595419847\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div 
class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/us-uk-authorities-unmask-russian-national-as-lockbit-administrator\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US, UK authorities unmask Russian national as LockBit administrator 
|<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,338,669,462,46],"tags":[286,341,671,463,54],"class_list":["post-3452","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-department-of-justice-doj","category-federal-bureau-of-investigation-fbi","category-lockbit","category-ransomware","tag-cybercrime","tag-department-of-justice-doj","tag-federal-bureau-of-investigation-fbi","tag-lockbit","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lockbit\/\" rel=\"category tag\">LockBit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category 
tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3452"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3452\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}