NCA Reveals Identity of LockBit Ransomware Group Leader

The UK’s National Crime Agency (NCA) announced a major breakthrough today in investigating the notorious LockBit ransomware gang.

LockBit, a ransomware-as-a-service (RaaS) operation, has been responsible for numerous high-profile cyberattacks since its emergence in 2019.

The group is known for its malicious software that encrypts victims’ data and demands ransom for decryption keys. Over the years, LockBit has targeted a wide range of sectors globally, including healthcare, education, and government, causing extensive financial and operational damage.

After infiltrating LockBit’s network and seizing control of their infrastructure, the NCA revealed they had identified the group’s leader, known by the online alias “LockBitSupp.”

Dmitry Khoroshev, also known by his online alias “LockBitSupp,” has been a shadowy figure in the cyber underworld, orchestrating one of the most harmful cybercrime operations in recent history.

Under Khoroshev’s leadership, the LockBit ransomware group has been responsible for a series of high-profile attacks, causing significant financial and operational damage to numerous organizations worldwide.

For years, LockBitSupp’s real identity remained a mystery as he carefully concealed his name and location while communicating on cybercrime forums.

However, in a statement, NCA Director General Graeme Biggar said they now know where LockBitSupp lives, his net worth, and that he has “engaged with law enforcement” in the past.

The NCA’s infiltration dealt a crippling blow to LockBit’s criminal enterprise. In the last 4 years, LockBit has been one of the most prolific ransomware gangs, responsible for 44% of all global ransomware incidents in early 2023.

Their attacks impacted thousands of victims worldwide, including approximately 1,700 in the US alone, extorting over $91 million in ransom payments.

Operation Cronos, led by the NCA, involved cooperation from the FBI, Europol, and other international partners. The operation focused on disrupting the infrastructure of the LockBit ransomware group, which has been responsible for numerous cyberattacks across various sectors worldwide. 

As part of the takedown, the NCA seized LockBit’s source code, decryption keys, and a trove of data from their servers, all of which are now being used to further expose the gang’s operations and affiliates.

The NCA has taken over LockBit’s dark web leak site to post daily updates with this intelligence.

Recent investigations have revealed that the head of the notorious LockBit ransomware group had been using an email account hosted on Apple’s iCloud service.

While the NCA has not yet publicly named LockBitSupp, their ability to gather personal details on the once-anonymous criminal mastermind sends a powerful message. “Our work does not stop here,” Biggar warned, vowing further action against LockBit and its affiliates.

The NCA’s breakthrough, assisted by the FBI and law enforcement from 9 other countries, marks a significant victory in the ongoing battle against the global ransomware epidemic.

The sanctions against Khoroshev, also known by his online alias “LockBitSupp,” include asset freezes and travel bans, coordinated by the UK, US, and Australia.

In addition, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs have been instrumental in these efforts.

The US has offered a reward of up to $10 million for information leading to the arrest and conviction of Khoroshev.

However, with LockBit’s affiliates still at large, organizations worldwide must remain vigilant in securing their networks against the ever-evolving ransomware threat.

The fight against ransomware is far from over, but actions like these are vital steps forward in securing cyberspace for all.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.