Finally known who is behind LockBit ransomware gang: FBI offers 10 million | Tech

LockBit is one of the largest and best-known gangs offering ransomware as a service. Other criminals can purchase the software from LockBit and use it to carry out attacks. Ransomware encrypts computer systems so that companies can no longer access the files. The criminals then demand a ransom to release the systems.

The leader of LockBit was previously known as LockBitSupp, but he kept his real identity secret. Over the years he imagined himself inviolable. When Lockbit’s website was taken over by a collaboration of international authorities last February, he laughed it off too. He forgot to patch his servers, he said. “Five years of swimming in money has made me lazy.”

Now, investigative services are going all out with Khoroshev’s announcement. On “In this way they send a signal and put LockBit to shame,” says Willem Zeeman of cybersecurity company Fox-IT.

LockBit has been around since 2019 and is said to have claimed thousands of victims in about 120 countries. That earned them hundreds of millions of euros. In the Netherlands, LockBit is best known for the attack on the KNVB. The football association paid a ransom to prevent stolen personal data of members, for example, from becoming public.

The leader of the gang says the FBI is bluffing with this announcement and that his name is not Khoroshev. But that is not very plausible, experts think.

“I assume they have the right one,” says Zeeman. “So many countries and authorities have contributed to this. They will not just publish something. Because if it is the wrong one, you will destroy his life.”

Cybersecurity specialist Daan Keuper from Computest agrees with this. “This is probably not based on one piece of evidence,” he says. It is not known how Khoroshev came into the spotlight. “But if you spend so long anonymously on the internet, you will make a mistake at some point,” says Keuper. “Ultimately, for example, you want to spend your earned money on something. So you leave your mark.”

The FBI is now offering a $10 million reward for the tip leading to Khoroshev’s arrest. “They can’t catch him now,” says Keuper. “Because he lives in Russia and that country has no extradition agreements with the United States. But he can be put on a sanctions list, so that he can be arrested if he crosses the border. And abroad they can freeze his crypto assets. They can are affected in other ways.”

Now that Khoroshev has been revealed as the mastermind behind LockBit, he will think twice before going abroad. But presenting his identity also has advantages. “Criminals will probably not be so quick to do business with him anymore,” says Keuper. “Because they then think: the FBI knows who you are, so my own identity may not be well protected.”

LockBit has suffered a major dent as a result. Keuper expects that the gang will now finally throw in the towel. Zeeman says that Khoroshev stopped a little too late. “He has probably been financially independent for a long time. That is why LockBit was able to force companies to pay. They had nothing to lose.”

The ransomware makers were trusted by many other criminals. Zeeman explains that they managed to create trust with working software and good services. “A strong brand,” he says. “When we had to deal with LockBit issues, we always saw that everything was properly locked down, with little chance of system recovery. With less known ransomware it was often a matter of tinkering.”

Now that the authorities are cracking down on LockBit, ransomware has not suddenly disappeared. It’s still lucrative, the experts say. Although it is true that trends shift. Now that companies are better equipped against ransomware attacks with good backups, criminal organizations are increasingly stealing data and extorting victims without encrypting everything.

The gangs therefore more often attract data experts instead of malware experts. “They know how to browse through stolen information and identify files with the most financial value,” Keuper explains. “The business model of criminals is changing.”