Three days after holding out the lure of releasing new details about the LockBit ransomware gang, a team of American, British and European cyber specialists have unmasked the alleged administrator and developer of the gang: Russian citizen Dmitry Yuryevich Khoroshev.
The US Justice Department released an indictment charging Khoroshev and offered a reward of up to US$10 million (A$15.15 million) for information leading to the arrest and/or conviction of Khoroshev in any country.
The LockBit ransomware — and indeed all other ransomware — only attacks Microsoft's Windows operating system.
The LockBit site on the dark web was seized back in February and an announcement said it was being revived "to update on some unfinished business and to provide some important announcements with regards to the progress of the operation".
{loadposition sam08}The announcement added: "It [the dark web site] remains under the control of the NCA [National Crime Authority] of the UK, working in co-operation with the FBI and the international law enforcement task force, 'Operation Cronos'."
The site will close in another two days and 16 hours from the time of this report.
Another announcement on the site said: "As a result of fully compromising LockBit's platform, Law Enforcement will be co-ordinating activity to identify and deal with LockBit's affiliates.
"As covered previously, a large amount of data has been exfiltrated from LockBit's platform before it was all corrupted. With this data, the NCA and partners continue to co-ordinate inquiries to identify the hackers who pay to be a LockBit affiliate. The Operation Cronos Task Force are making good progress and will provide more detail in due course.
"In the meantime, Lockbitsupp appears now to be giving the affiliates surnames also?"
The US, UK and European agencies all issued their own media releases about the exposing of Khoroshev. The US, UK and Australia have all imposed sanctions on Khoroshev.
It is unlikely that Khoroshev will be in any bothered by any of this drama, though international travel may have to be scrubbed from his plans. LockBit has already set up a new website after this site was seized in February.
Contacted for comment. seasoned ransomware threat researcher Brett Callow, who works for the New Zealand-headquartered security firm Emsisoft, said: "Khoroshev's bowels probably are rather loose at the moment.
"While law enforcement agencies may not be able to go into Russia and arrest him, there’s probably no shortage of people who’d happily bash him on the head and drag him across the border in order to collect the US$10 million reward.
"There’s probably also no shortage of people in Russia who’d like to get their hands on a share of his ill-gotten gains, and some of them may be willing to do quite extreme things to do so."
All screenshots in this article are taken by Sam Varghese from the seized LockBit site on the dark web.