In a collaborative effort with international partners, the United States has revealed the identity of Dmitry Yuryevich Khoroshev, a senior leader of the Russia-based LockBit ransomware group. Khoroshev, a Russian national, has been designated for his involvement in developing and distributing the notorious LockBit ransomware.

The U.S. Department of Justice, Federal Bureau of Investigation, and agencies from the United Kingdom and Australia have worked together to impose sanctions on Khoroshev, as well as unsealing an indictment against him. The Department of State has also announced a reward of up to $10 million for information leading to his arrest or conviction.

LockBit, one of the most prolific ransomware groups globally, has targeted over 2,500 victims worldwide and allegedly received ransom payments exceeding $500 million. The ransomware group has become known for its double extortion tactics, where large amounts of data are exfiltrated from victims before encrypting their systems and demanding ransom payments.

Operating on a Ransomware-as-a-Service model, LockBit licenses its ransomware software to affiliated cybercriminals in exchange for payment, including a percentage of the paid ransoms. Affiliates have attacked organizations across critical infrastructure sectors such as finance, education, emergency services, and healthcare.

Dmitry Yuryevich Khoroshev has played various operational and administrative roles within the LockBit group, benefiting financially from ransomware attacks. He has been responsible for managing affiliates, upgrading the LockBit infrastructure, and continuing operations despite previous disruptions by the United States and its allies.

Khoroshev's designation falls under Executive Order (E.O.) 13694, as amended by E.O. 13757, citing his involvement in cyber-enabled activities. As a result, all property and interests in the United States or under the control of U.S. persons linked to Khoroshev must be blocked and reported to the Office of Foreign Assets Control (OFAC). Engaging in transactions with Khoroshev may also expose individuals to potential designation.

The United States reiterates its commitment to dismantling the ransomware ecosystem and holding accountable those who target American critical infrastructure and citizens. This latest action reflects a long-term and coordinated effort to disrupt and degrade the ransomware landscape, particularly as Russia continues to serve as a safe haven for cybercriminals.

To mitigate ransomware risks, OFAC has issued an advisory on facilitating ransomware payments, while the Cybersecurity & Infrastructure Security Agency has published cybersecurity advisories on LockBit threat actors and their exploitation of vulnerabilities.

The U.S. government encourages all ransomware victims to report attacks to relevant agencies and seek compliance with applicable sanctions regulations. By taking a firm stance against cybercriminals, the United States aims to bring about positive changes in behavior and protect the integrity of its digital landscape.

The battle against ransomware continues, as global cooperation and collective action remain key in combating this growing threat to cybersecurity.