What we gleaned from the indictment of LockBit’s mastermind
The indictment against Dmitry Yuryevich Khoroshev, also known as “LockbitSupp,” sheds light on the operations of LockBit, one of the most notorious ransomware groups to date. Here are some key insights from the indictment:
1. **Identification of the Mastermind**: Khoroshev, a 31-year-old Russian national, is identified as the mastermind behind LockBit. His alias, “LockbitSupp,” was used in his criminal activities.
2. **Charges**: The U.S. Department of Justice has charged Khoroshev with multiple computer crimes, fraud, and extortion related to LockBit’s operations.
3. **Seizure of Infrastructure**: Earlier this year, authorities seized LockBit’s infrastructure, including data banks, providing insight into the group’s operations and methods.
4. **Scope of Criminal Organization**: LockBit is described as a massive criminal organization, which at times has been one of the most prolific and destructive ransomware groups globally.
Overall, the indictment reveals significant details about the inner workings and impact of LockBit, the extent of its criminal activities, and the efforts of law enforcement to dismantle such cybercriminal enterprises.
A leader of what was once the world’s most harmful cyber crime group has been unmasked and sanctioned by the UK, US and Australia, following an NCA-led international disruption campaign. #Cronos @FBI @Europol
Full story ➡️ https://t.co/ECxlgOTH5E
— National Crime Agency (NCA) (@NCA_UK) May 7, 2024
Khoroshev had a second nickname: putinkrab
The revelation of Dmitry Yuryevich Khoroshev’s online identity as “putinkrab” adds another layer of intrigue to the LockBit saga. The choice of this username, which appears to reference Russian President Vladimir Putin, could suggest a connection to Russian nationalist sentiments or political ideology. However, without further context or confirmation from Khoroshev himself, it’s difficult to ascertain the motivations behind this alias.
While there are online profiles using the same moniker on platforms like Flickr, YouTube, and Reddit, it’s uncertain whether these accounts are associated with Khoroshev. Nonetheless, the discovery of this online identity underscores the complexities of tracking and understanding the individuals behind cybercriminal operations, as they often operate under multiple aliases and personas to obfuscate their true identities and motives.
LockBit hit victims in Russia, too
The revelation that Dmitry Yuryevich Khoroshev and his co-conspirators targeted Russian victims with the LockBit ransomware adds an intriguing twist to the usual narrative surrounding Russian cybercrime. Traditionally, there has been a perception that Russian cybercriminals operate with relative impunity as long as they refrain from targeting entities within Russia itself. However, Khoroshev’s actions challenge this assumption and raise questions about the potential response from Russian authorities.
While it’s uncertain whether Russian law enforcement will pursue Khoroshev now that his identity has been revealed, this development could potentially disrupt the perceived immunity enjoyed by cybercriminals who operate within Russia’s borders. It underscores the evolving dynamics of cybercrime and the increasing scrutiny faced by perpetrators, even within their own countries.