the alleged administrator of the cybercriminal group indicted by American justice


Screenshot of the LockBit site after Operation “Cronos” which led to the dismantling of part of its technical infrastructure, February 20, 2024. HANDOUT / VIA REUTERS

A name and a face. American, Australian and British authorities revealed, on Tuesday, May 7, the identity of the main suspect in the investigation into LockBit, a notorious cybercriminal group and one of the best-known actors in the ransomware sphere. According to the American indictment made public, he is Dmitry Khoroshev, a 31-year-old Russian national.

He is suspected of being “LockBitSupp”, the administrator of the group as well as the developer, or one of the developers, of the ransomware strain, which has become, in a few years, one of the most virulent in the world. According to American justice, Mr. Khoroshev has been considered the mastermind of LockBit since the birth of the gang in September 2019. Since that date, he has reportedly pocketed nearly $100 million in ransoms. The British, Australian and American authorities have also announced a series of sanctions targeting Dmitry Khoroshev, including a freeze of his personal assets and a travel ban on the territory of these three countries.

Over the course of the investigation, the authorities of around ten countries, including France, were able to obtain a more precise picture of LockBit’s activities. Around 7,000 attacks were carried out using its infrastructure between June 2022 and February 2024, according to the Europol press release published on Tuesday. France is one of the five most targeted countries, along with the United States, the United Kingdom, China and Germany. “These attacks targeted more than a hundred hospitals and companies in the health sector,” Europol said.


This was notably the case, in France, for the Corbeil-Essonnes hospital (Essonne), which was targeted by a LockBit affiliate in September 2022 and whose activities were very seriously disrupted. In April, the Cannes hospital (Alpes-Maritimes) saw some of its data published online after refusing to pay a ransom.

Division of tasks

Initially known as ABCD, LockBit is the name given to the software deployed on computers in business or local authority networks to paralyze their operation. A note is then left, inviting the victim to come and negotiate on a dedicated online space, and a ransom is generally demanded in exchange for the file decryption key.

Cybercriminal gangs specializing in ransomware are not uniform groups. First, there are generally the “operators”, a hard core of hackers responsible for developing the malicious software and keeping it up to date, but also for building a technical infrastructure: a negotiation space for victims, a portal for accomplices and, sometimes, tools for laundering the cryptoassets obtained in the attacks.
