Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

LockBit Honcho Faces Sanctions, With Aussie Org Ramifications

Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.

keyboard with an australian flag key
Source: Bonaventura via Alamy Stock Photo

Law enforcement in Australia, Europe, and the US unmasked "LockBitSupp," the ringleader behind the infamous ransomware crime gang, in a move that could have financial implications for companies operating in those regions.

The crew's mastermind turns out to be Russian national Dmitry Yuryevich Khoroshev, 31, of Voronezh, Russia, who reportedly hauled in at least $100 million as part of the gang's prodigious activities. LockBit was responsible for 18% of reported Australian ransomware attacks in 2022 and 2023 and targeted 119 people in Australia, according to a government announcement.

Khoroshev, who allegedly led malware development and operational efforts for the gang, will face sanctions in Australia and elsewhere, which will prevent him from doing any sort of business there, criminal or otherwise. Under Australian law, that means that companies hit by ransomware could face fines if they decide to pay the ransom demands; for individuals, it becomes a criminal offense to provide assets to Khoroshev or materially deal with him in any way.

Dmitry Yuryevich Khoroshev, a pale young man looking at camera insouciantly

"Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behavior, and holding accountable those who flout the rules," said Australia's foreign affairs minister, Penny Wong, in a statement. "Sanctions impose costs and consequences on individuals for their actions — we will continue to use them where and when appropriate."

The move follows the Operation Cronos effort in February, when multiple law enforcement agencies around the world dismantled the group's infrastructure and took over the gang's leak site; in turn, that led to arrests, sanctions, cryptocurrency seizures, and more. But LockBitSupp's true identity remained elusive, even as he bragged that he couldn't be caught.

"Khoroshev, aka LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans," the UK National Crime Agency noted in a statement.

Australia's cybersecurity minister, Clare O'Neil, added, "This sanction is an important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses.

"The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows," she said. "Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can."

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights