May 08, 2024

U.S. identifies senior leader of ransomware gang

Posted May 08, 2024 10:00 PM

WASHINGTON — The U.S. Department of State announced Tuesday a reward of up to $10,000,000 for information leading to the arrest and/or conviction in any country of 31-year-old Dmitry Yuryevich Khoroshev for participating in, conspiring to participate in, or attempting to participate in LockBit ransomware activities, according to a media release.

Since January 2020, the LockBit ransomware variant has executed attacks against over 2,500 victims around the world, including approximately 1,800 in the United States, issuing hundreds of millions of U.S. dollars in ransom demands and receiving at least $150 million in actual ransom payments made in the form of digital currency.

Ransomware is a type of malicious software, or malware, that prevents a user from accessing computer files, systems, or networks until a ransom is paid for their return.  Ransomware incidents can cause costly disruptions to operations and the loss of critical information and data.

In addition, the U.S. Justice Department unsealed charges Tuesday against Khoroshev for his alleged role as the creator, developer, and administrator of the LockBit ransomware group from its inception in September 2019 through the present. At times, LockBit was the most prolific ransomware group in the world.

Khoroshev, also known as LockBitSupp, LockBit, and putinkrab, of Voronezh, Russia, is charged by a 26-count indictment returned by a grand jury in the District of New Jersey.

The indictment against Khoroshev unsealed Tuesday follows a recent disruption of LockBit ransomware in February by the U.K. National Crime Agency’s (NCA) Cyber Division, which worked in cooperation with the Justice Department, FBI, and other international law enforcement partners. As previously announced by the Department, authorities disrupted LockBit by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and by seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. That disruption succeeded in greatly diminishing LockBit’s reputation and its ability to attack further victims, as alleged by the indictment unsealed today.

“Dmitry Khoroshev conceived, developed, and administered LockBit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “He thought he could do so hidden by his notorious moniker ‘LockBitSupp,’ anonymous and free of any consequence, while he personally pocketed $100 million extorted from LockBit’s victims. Through relentless investigation and coordination with our partners at the Criminal Division’s Computer Crime and Intellectual Property Section, the FBI and abroad, we have proven him and his coconspirators wrong. Today’s indictment marks a significant milestone in the investigation and prosecution of LockBit, which has already led to charges against five other LockBit affiliates—two of whom are in custody awaiting trial—and a major disruption of the now discredited LockBit operation.”

In addition, as previously announced, law enforcement developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Victims targeted by this malware are encouraged to contact the FBI at https://lockbitvictims.ic3.gov/ to enable law enforcement to determine whether affected systems can be successfully decrypted.

The FBI does not support the payment of a ransom in response to a ransomware attack.  Paying ransom demands encourages more ransomware incidents and provides an incentive to become involved in this type of illegal activity.  If you are the victim of a ransomware incident, please visit stopransomware.gov.

Please direct information in response to the reward offer to the FBI via Signal at @FBISupp.01, via Telegram at @LockbitRewards, or by email at [email protected].

ALL IDENTITIES ARE KEPT STRICTLY CONFIDENTIAL.