In a significant development in the fight against cybercrime, the U.S. Justice Department has unsealed charges against a Russian national for his alleged role as the creator and administrator of the notorious LockBit ransomware group. Dimitry Yuryevich Khoroshev, also known as LockBitSupp, LockBit, and putinkrab, has been indicted on 26 counts by a grand jury in the District of New Jersey.

The LockBit ransomware group, which operated from September 2019 through May 2024, has been described as one of the most prolific and destructive ransomware variants in the world. Under Khoroshev's leadership, the group targeted more than 2,500 victims across 120 countries, including 1,800 victims in the United States. The targets ranged from individuals and small businesses to multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government agencies.

According to U.S. Attorney Philip R. Sellinger, LockBit caused billions of dollars in losses, extorting at least $500 million in ransom payments from its victims. Khoroshev allegedly received a 20% share of each ransom payment, amounting to at least $100 million in digital currency disbursed to him during the scheme.

The LockBit ransomware was designed to operate under the "ransomware-as-a-service" model. Khoroshev, acting as the group's developer and administrator, orchestrated the deployment of the ransomware code through recruited affiliates. He also maintained the infrastructure, including a control panel for affiliates to carry out attacks and a data leak site to publish stolen data from non-paying victims.

In February 2024, a joint effort by the U.K. National Crime Agency, the Justice Department, the FBI, and other international partners successfully disrupted LockBit by seizing its public-facing websites and control servers. This disruption severely hampered LockBit's operations and diminished its ability to target further victims.

FBI Director Christopher Wray commended the indictment of Khoroshev, emphasizing the FBI's commitment to dismantling ransomware organizations and holding the perpetrators accountable. Law enforcement agencies have also developed decryption capabilities that may help victims restore systems encrypted by LockBit, urging them to contact the FBI.

Khoroshev faces charges of fraud, extortion, wire fraud, intentional damage to protected computers, and extortion in relation to confidential information. If convicted of all charges, he could face a maximum penalty of 185 years in prison. This indictment brings the total number of LockBit members charged to six.

The U.S. Justice Department's efforts to combat cybercrime have received international support. The Department of the Treasury's Office of Foreign Assets Control has designated Khoroshev for his role in launching cyberattacks, and authorities in the United Kingdom and Australia have imposed sanctions on him.

As cyber threats continue to evolve and grow, law enforcement agencies are stepping up their efforts to disrupt and dismantle criminal networks. The indictment of Khoroshev serves as a significant milestone in the investigation and prosecution of the LockBit ransomware group, sending a strong message to those involved in malicious cyber schemes.