The U.S. Treasury Department on Tuesday announced sanctions, including a $10 million reward for the arrest and/or conviction of the Russian national identified as the leader of transnational and Russia-based LockBit ransomware group. File Photo by Ritchie B. Tongo/EPA-EFE
The U.S. Department of Treasury has sanctioned Dmitry Yuryevich Khoroshev, a Russian national and alleged leader of the Russia-based LockBit ransomware group.
The Treasury Department in a news release Tuesday announced Khoroshev’s indictment and an up-to $10 million reward for information leading to his arrest and/or conviction for conspiring and participating in organized transnational crime. Advertisement
“Today’s action reaffirms our commitment to dismantling the ransomware ecosystem and exposing those who seek to conduct these attacks against the United States, our critical infrastructure and our citizens,” said Brian Nelson, undersecretary the Treasury for Terrorism and Financial Intelligence.
“The United States, in close coordination with our British and Australian partners, will continue to hold accountable the individuals responsible for these disruptive and threatening activities,” Nelson said.
The Department of Justice and FBI collaborated with the U.K. National Crime Agency, Australian Federal Police and other international partners to indict Khoroshev for his alleged organized criminal activities.
Law enforcement officials in the U.K and Australia likewise are announcing respective indictments of Khoroshev.
The Treasury Department describes Khoroshev as a “core LockBit group leader and developer of the LockBit ransomware” who “performed a variety of operational and administrative roles for the cybercrime group” while enriching himself. Advertisement
The Treasury Department says Khoroshev and other LockBit leaders operate out of Russia where they enjoy a “safe harbor” to “launch ransomware attacks against the United States and its allies and partners.”
The Treasury Department says LockBit is one of the world’s most active ransomware groups and targeted more than 2,500 victims around the world while collecting more than $500 million in ransom payments.
The ransomware attacks include those targeting organizations across many critical infrastructure sectors, including healthcare, emergency services, education and financial services.
LockBit at times engages in what the Treasury Department calls “double extortion tactics” where the ransomware removes large amounts of data before encrypting the computer systems of its targeted victims and demanding ransom payments.
LockBit also licenses its ransomware technology to other criminal organizations in exchange for a fee, including a percentage of paid ransoms, according to the Treasury Department.