Alleged Russian hacker unmasked as Bermuda joins sanctions effort
A financial sanctions notice has Bermuda joining Britain and other nations in sanctioning a 31-year-old Russian national, Dmitry Yuryevich Khoroshev, for alleged cyber hacking offences.
On Tuesday, the UK, the US and Australia unmasked Khoroshev, with Britain adding his name to the national sanctions list, which is adhered to by Bermuda.
The US Government has added a second multimillion-dollar reward in relation to the alleged cyber criminal, targeting LockBit ransomware as a service.
The US Department of Justice stated on Tuesday that over the past four years, LockBit was at times the most prolific ransomware group in the world.
HM Treasury’s Office of Financial Sanctions Implementation statement, through a notification from the Financial Sanctions Implementation Unit, was posted by the Bermuda Monetary Authority for the benefit of their regulated institutions.
In February, the US State Department offered under their Transnational Organised Crime Rewards Programme up to $10 million for information leading to the identification or location of any individual(s) who held a key leadership position in the Transnational Organised Crime group behind the LockBit ransomware variant.
In addition, a reward of up to $5 million was offered for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in LockBit ransomware activities.
At the time, officials had no identity, nationality or citizenship for those behind the group, despite years of law enforcement efforts worldwide, and even as the number of ransomware victims per month increased from approximately 200 in 2022 to over 340 in 2023.
This week, a new series of measures includes a second phase of what the countries are calling Operation Cronos.
Europol said in a statement on Tuesday that the man they think is the administrator and developer of LockBit, the Russian national, is now subject to a series of asset freezes and travel bans issued by the Foreign Office, alongside the US Department of the Treasury’s Office of Foreign Assets Control and the Australian Department of Foreign Affairs and Trade.
The statement added: “Prosecutors in the United States have also unsealed an indictment against him based on his alleged role as the creator, developer and administrator of the LockBit ransomware variant.
“Additionally, authorities in the United States are offering a reward of up to $10 million for information leading to his arrest and/or conviction.
“These measures follow a first phase of action in February 2024 which was led by the UK’s National Crime Agency and resulted in the compromise of LockBit’s primary platform and other critical infrastructure.
“The sanctions form part of a concerted campaign supported by Europol and Eurojust to severely damage the capability and credibility of the LockBit ransomware group.
“The true impact of LockBit’s criminality was previously unknown, but data obtained from their systems showed that more than 7,000 attacks were built using their services between June 2022 and February 2024.
“The top five countries hit were the United States, United Kingdom, France, Germany and China.”
The NCA said that Khoroshev, aka LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans.
The NCA said: “The actions targeting Khoroshev form part of an extensive and ongoing investigation into the LockBit group by the NCA, FBI, and international partners who form the Operation Cronos task force.
“LockBit provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure to carry out attacks.”
Investigators now have 2,500 decryption keys and are continuing to contact LockBit victims to offer support.
Europol’s European Cybercrime Centre has disseminated some 3,500 intelligence packages containing information about LockBit victims to 33 countries.
The statement continued: “With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation have concentrated their technical expertise to develop decryption tools designed to recover files encrypted by the LockBit ransomware.
“These solutions have been made available for free on the No More Ransom portal, available in 37 languages.
“After seizing control in February, the ransomware group’s leak site on the dark web was redesigned by law enforcement to instead host a series of articles exposing the different actions undertaken against LockBit.
“The NCA-controlled leak site is once again being used to host a range of information exposing the criminal group.”
Europol said the investigation continues to identify affiliates — those who used LockBit services and carried out attacks — and ensure they face law enforcement action.
The concerted campaign by the international Operation Cronos task force to target and disrupt LockBit ransomware is ongoing, involving authorities in ten countries.