Coding 8 May 2024

What we learned from the indictment of LockBit’s mastermind

On Tuesday, U.S. and U.K. authorities revealed that the mastermind behind LockBit, one of the most prolific and damaging ransomware groups in history, is a 31-year-old Russian named Dmitry Yuryevich Khoroshev, aka “LockbitSupp.”

As is customary in these types of announcements, law enforcement published pictures of Khoroshev, as well as details of his group’s operation. The U.S. Department of Justice charged Khoroshev with several computer crimes, fraud, and extortion. And in the process, the feds also revealed some details about LockBit’s past operations.

Earlier this year, authorities seized LockBit’s infrastructure and the gang’s banks of data, revealing key details of how LockBit worked.

Today, we have more details of what the feds called “a massive criminal organization that has, at times, ranked as the most prolific and destructive ransomware group in the world.”

Here’s what we’ve learned from the Khoroshev indictment.

Khoroshev had a second nickname: putinkrab

LockBit’s leader was publicly known by the not-very-imaginative nickname LockBitSupp. But Khoroshev also had another online identity: putinkrab. The indictment doesn’t include any information about the online handle, though it appears to reference Russian President Vladimir Putin. On the internet, however, there are several profiles using the same moniker on Flickr, YouTube, and Reddit, though it’s unclear if these accounts were run by Khoroshev.

LockBit hit victims in Russia, too

In the world of Russian cybercrime, according to experts, there’s a sacred, unwritten rule: hack anyone outside of Russia, and the local authorities will leave you alone. Surprisingly, according to the feds, Khoroshev and his co-conspirators “also deployed LockBit against multiple Russian victims.”

It remains to be seen if this means Russian authorities will go after Khoroshev, but at least now they know who he is.

Khoroshev kept a close eye on his affiliates

Ransomware operations like LockBit are known as ransomware-as-a-service. That means there are developers who create the software and the infrastructure, like Khoroshev, and then there are affiliates who operate and deploy the software, infecting victims and extorting ransoms. Affiliates paid Khoroshev around 20% of their proceeds, the feds claimed.

According to the indictment, this business model allowed Khoroshev to “closely” monitor his affiliates, including having access to victim negotiations and sometimes participating in them. Khoroshev even “demanded identification documents from his affiliate Coconspirators, which he also maintained on his infrastructure.” That’s probably how law enforcement was able to identify some of LockBit’s affiliates.

Khoroshev also developed a tool called “StealBit” that complemented the main ransomware. This tool allowed affiliates to store data stolen from victims on Khoroshev’s servers, and sometimes publish it on LockBit’s official dark web leak site.

LockBit’s ransomware payments amounted to around $500 million

LockBit launched in 2020, and since then its affiliates have successfully extorted at least approximately $500 million from around 2,500 victims, which included “major multinational corporations to small businesses and individuals, and they included hospitals, schools, nonprofit organizations, critical infrastructure facilities, and government and law-enforcement agencies.”

Apart from the ransom payments, LockBit “caused damage around the world totaling billions in U.S. dollars,” because the gang disrupted victims’ operations and forced many to pay for incident response and recovery services, the feds claimed.

Khoroshev got in touch with the authorities to identify some of his affiliates

Probably the most shocking of the latest revelations: In February, after the coalition of global law enforcement agencies took down LockBit’s website and infrastructure, Khoroshev “communicated with law enforcement and offered his services in exchange for information regarding the identity of his [ransomware-as-a-service] competitors.”

According to the indictment, Khoroshev asked law enforcement to “[g]ive me the names of my enemies.”
