Advertisement

Unmasked: Ransomware ringleader named, banned from Australia

The leader of one of the world’s most infamous cybercrime organisations has been named and sanctioned by Australia, the UK and the US.

May 08, 2024, updated May 08, 2024
 LockBit's dark-web leak site that was replaced with the words "this site is now under control of law enforcement," alongside the flags of the U.K., the U.S. and several other nations during the law enforcement press conference (AP Photo/Kelvin Chan)

LockBit's dark-web leak site that was replaced with the words "this site is now under control of law enforcement," alongside the flags of the U.K., the U.S. and several other nations during the law enforcement press conference (AP Photo/Kelvin Chan)

 

Russian citizen Dmitry Yuryevich Khoroshev was identified as having held a senior leadership role at LockBit, a group that provides ransomware to bad actors.

A joint campaign between the UK, the US and Australia found Mr Khoroshev had hidden behind the “LockBitSupp” alias since the group’s inception about September 2019 and acted as its developer and administrator until May.

Naming the Russian citizen could prevent further crimes, Australian Federal Police acting assistant commissioner Chris Goldsmid said.

“By taking away his anonymity, it has severely undermined Khoroshev’s credibility with cyber criminals and also signals any dealings they have with him could be subject to law enforcement action,” he said in a statement on Wednesday.

Foreign Minister Penny Wong also revealed Australia had banned Mr Khoroshev from travelling to Australia and imposed sanctions that would make it a criminal offence to provide assets to him, or to use or deal with his assets.

“Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour, and holding accountable those who flout the rules,” she said.

Those who pay for LockBit’s services can use them to block access to essential functions or steal and leak data, forcing victims to pay a ransom.

LockBit was behind 18 per cent of reported Australian ransomware incidents in 2022-23 and targeted 119 people in Australia.

InQueensland in your inbox. The best local news every workday at lunch time.
By signing up, you agree to our User Agreement andPrivacy Policy & Cookie Statement. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Home Affairs Minister Clare O’Neil said the government’s announcement would deter malicious cyber activity.

“For too long, criminals like those behind LockBit have hidden in the shadows,” she said.

“The damage done by LockBit in Australia is significant.

“This sanction is an important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses.”

UK authorities say more than 7000 online attacks were built using LockBit’s services between June 2022 and February 2024, with the top five countries hit being the US, UK, France, Germany and China.

Law enforcement agencies from several countries first disrupted LockBit in February, taking over the group’s dark web site to host articles which exposed actions taken against the cybercrime gang.

Its profits have also been frozen, with various law enforcement targeting more than 200 cryptocurrency accounts held by LockBit members.

Investigations into LockBit are ongoing.

This is the second time Australia’s cyber sanctions network has been used after the government imposed sanctions against Alexander Ermakov, who was responsible for a cyber attack on Medibank that affected nearly 10 million Australians.

Local News Matters
Advertisement

We strive to deliver the best local independent coverage of the issues that matter to Queenslanders.

Copyright © 2024 InQueensland.
All rights reserved.
Privacy Policy