LockBit Honcho Faces Sanctions, With Aussie Org Ramifications

Law enforcement in Australia, Europe, and the US unmasked "LockBitSupp," the ringleader behind the infamous ransomware crime gang, in a move that could have financial implications for companies operating in those regions.

The crew's mastermind turns out to be Russian national Dmitry Yuryevich Khoroshev, 31, of Voronezh, Russia, who reportedly hauled in at least $100 million as part of the gang's prodigious activities. LockBit was responsible for 18% of reported Australian ransomware attacks in 2022 and 2023 and targeted 119 people in Australia, according to a government announcement.

Khoroshev, who allegedly led malware development and operational efforts for the gang, will face sanctions in Australia and elsewhere, which will prevent him from doing any sort of business there, criminal or otherwise. Under Australian law, that means that companies hit by ransomware could face fines if they decide to pay the ransom demands; for individuals, it becomes a criminal offense to provide assets to Khoroshev or materially deal with him in any way.

"Australia remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behavior, and holding accountable those who flout the rules," said Australia's foreign affairs minister, Penny Wong, in a statement. "Sanctions impose costs and consequences on individuals for their actions — we will continue to use them where and when appropriate."

The move follows the Operation Cronos effort in February, when multiple law enforcement agencies around the world dismantled the group's infrastructure and took over the gang's leak site; in turn, that led to arrests, sanctions, cryptocurrency seizures, and more. But LockBitSupp's true identity remained elusive, even as he bragged that he couldn't be caught.

"Khoroshev, aka LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans," the UK National Crime Agency noted in a statement.

Australia's cybersecurity minister, Clare O'Neil, added, "This sanction is an important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses.

"The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows," she said. "Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can."