WASHINGTON (CN) — Federal prosecutors are offering a $10 million reward for the arrest of the federally indicted leader of a Russian cybercrime group.
In the indictment, unsealed Monday in the U.S. District Court for the District of New Jersey, the government charges 31-year-old Dmitry Yuryevich Khoroshev of Voronezh, Russia, with 26 crimes as the leader of the LockBit ransomware group.
LockBit is one of the most active ransomware groups in the world. It licenses its software, which holds users’ data or devices hostage until a ransom is paid, to affiliated cybercriminals for a fee and a percentage of the paid ransom.
The group targeted financial, education, emergency and health care services, raking in more than $500 million from 2,500 victims worldwide — including 1,800 in the United States — since 2020, according to the Justice Department.
“The LockBit ransomware group represented one of the most prolific ransomware variants across the globe, causing billions of dollars in losses and wreaking havoc on critical infrastructure, including schools and hospitals,” FBI Director Christopher Wray said in a press release announcing the charges. “The charges announced today reflect the FBI’s unyielding commitment to disrupting ransomware organizations and holding the perpetrators accountable.”
In February, an international operation led by law enforcement from the U.S. and United Kingdom infiltrated LockBit’s network and took control of its services.
Prosecutors tag Khoroshev as LockBit's creator, developer and primary operator. Since launching the group in 2019 under the moniker “LockBitSupp,” they say, he has facilitated upgrades of the ransomware’s infrastructure and recruited new developers, and after February's infiltration has led LockBit’s efforts to continue operations.
Khoroshev also maintained a public-facing website to publish data stolen from people who refused to pay the ransom. In the infrastructure seized in February, law enforcement found evidence that Khoroshev retained copies of stolen data from victims who paid the ransom, even though they were promised it would be deleted after payment.
According to the indictment, Khoroshev would receive 20% of all ransom payments for LockBit operations, totaling at least $100 million.
“Dmitry Khoroshev conceived, developed, and administered Lockbit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe,” U.S. Attorney Philip Sellinger said. “He thought he could do so hidden by his notorious moniker ‘LockBitSupp,’ anonymous and free of any consequence, while he personally pocketed $100 million extorted from Lockbit’s victims.”
The U.S., U.K. and Australia rolled out sanctions against Khoroshev in conjunction with the unsealing of the indictment.
“We will continue to stand with our partners to disrupt ransomware actors that threaten our economies and critical infrastructure,” State Department spokesperson Matt Miller said in a statement.
Khoroshev faces one count of conspiracy to commit fraud and extortion; one count of conspiracy to commit wire fraud; eight counts of intentional damage to a protected computer; eight counts of extortion in relation to confidential information from a protected computer; and eight counts of extortion.
The charges carry a cumulative of 185 years in prison. Each carries a fine of up to $250,000.
Khoroshev is the sixth person related to LockBit to face federal indictment since November 2022. Two of the others are in prison awaiting trial.
“We will continue to work closely alongside our partners, across the U.S. government and around the world to disrupt cybercrime operations like LockBit and to find and hold accountable those responsible for them,” U.S. Attorney General Merrick Garland said.
Follow @TheNolanStout
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
