US Charges Creator Of LockBit, The World’s ‘Most Prolific’ Ransomware Group

The U.S. Justice Department is charging a Russian national for his alleged role as the creator, developer, and administrator of the infamous LockBit ransomware group, which has infiltrated such IT firms as Accenture and CDW.

Dimitry Yuryevich Khoroshev, who has also been known as LockBitSupp, LockBit, and putinkrab, 31, of Voronezh, Russia, was charged by a 26-count indictment returned by a grand jury in New Jersey.

The U.S. Department of State also said it would offer a reward of up to $10 million for information leading to Khoroshev’s arrest and/or conviction.

LockBit at times from its inception in September 10, 2019 through the present was considered the most prolific ransomware group in the world.

[Related: Why LockBit Hacker Takedown Could Accelerate Shift To Low-Profile Attacks]

“Earlier this year, the Justice Department and our U.K. law enforcement partners disrupted LockBit, a ransomware group responsible for attacks on victims across the United States and around the world,” said Attorney General Merrick Garland in a statement on Tuesday. “Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than $100 million in ransomware payments. We will continue to work closely alongside our partners, across the U.S. government and around the world to disrupt cybercrime operations like LockBit and to find and hold accountable those responsible for them.”


The LockBit cybercriminal gang has targeted some of the largest solution provider organizations, including CDW and Accenture. LockBit in October claimed to leak stolen CDW data after demanding an $80 million extortion payment from the IT solution provider. In 2021, LockBit took advantage of credentials accessed during the Accenture cyberattack to go after the consulting giant’s customers.

Khoroshev, for his part as LockBit’s creator, often received a 20 percent share of each ransom payment extorted from LockBit victims. The attacker responsible for an attack would receive the remaining 80 percent, according to the U.S. Justice Department.

Khoroshev is being charged with one count of conspiracy to commit fraud, extortion, and related activity in connection with computers; one count of conspiracy to commit wire fraud; eight counts of intentional damage to a protected computer; eight counts of extortion in relation to confidential information from a protected computer; and eight counts of extortion in relation to damage to a protected computer. The charges carry a maximum penalty of 185 years in prison and each of the 26 counts also carries a maximum fine of $250,000, pecuniary gain to the offender, or pecuniary harm to the victim, the justice department said.

The charges that were unsealed against Khoroshev on Tuesday come after the cybercrime group was disrupted in February when the U.K. National Crime Agency’s (NCA) Cyber Division, which worked in cooperation with the Justice Department, FBI, and other international law enforcement partners, seized a number of public-facing websites used by LockBit. This disruption impacted LockBit actors from attacking and extorting victims by threatening to publish their stolen data, the agencies said.

Leave a Reply

Your email address will not be published. Required fields are marked *