cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Australia joins US, UK governments in sanctioning LockBit hacker

Dmitry Yuryevich Khoroshev has been named as ransomware mastermind, with a US$10 million bounty placed on his arrest.

user icon David Hollingworth
Wed, 08 May 2024
Australia joins US, UK governments in sanctioning LockBit hacker
expand image

The Australian government has announced sweeping sanctions against a Russian national behind the LockBit ransomware gang.

Dmitry Yuryevich Khoroshev, 31, has been identified as a key hacker in the group and the man behind the online identity LockBitSupp.

Khoroshev was identified during investigations under Operation Cronos, an international operation supported by the Australian Signals Directorate and Australian Federal Police alongside law enforcement agencies in both the UK and the US.


Clare O’Neil, Australia’s Minister for Cyber Security, said in a statement that Australia is committed to fighting cyber crime.

“Today’s announcement demonstrates the Australian government’s ongoing commitment under the 2023–2030 Australian Cyber Security Strategy to continue to deter and respond to malicious cyber activity,” O’Neil said.

“This sanction is an important step in breaking the ransomware business model, preventing cyber criminals from profiting from attacks on Australian citizens and businesses.

“The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows. Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can.”

AFP Cyber Command’s acting Assistant Commissioner Chris Goldsmid said the AFP supports the decision to name the hacker.

“By taking away his anonymity, it has severely undermined Khoroshev’s credibility with cyber criminals and also signals any dealings they have with him could be subject to law enforcement action,” Goldsmid said in a separate statement.

“Since 2019, LockBit has caused billions of dollars’ worth of harm across the globe, including millions of dollars lost by Australian individuals and businesses.

“In cooperation with international partners under Operation Cronos, the AFP has used information collected to trace the global LockBit network and build the global case against the ransomware criminal group.”

The AFP is continuing to work with 119 Australian victims of the LockBit gang, and it played a leading part in building the statement of case for the sanctions.

“For months now, the AFP has been sharing information with Operation Cronos partners to dismantle LockBit, which is considered the world’s most prolific ransomware group,” Goldsmid said.

“In Australia, we have a range of evidence and information to work through, including IP addresses, tools and software deployed on Australian-owned systems, plus the infrastructure and communication used by cyber criminals.”

The sanctions make it a criminal offence to share assets with Khoroshev or make use of or deal with his own assets.

The US Justice Department used LockBit’s own darknet infrastructure to name the hacker, as well as details of a US$10,000,000 bounty for any information leading to Khoroshev’s arrest.

“Earlier this year, the Justice Department and our UK law enforcement partners disrupted LockBit, a ransomware group responsible for attacks on victims across the United States and around the world,” US Attorney-General Merrick B. Garland said in a DOJ statement.

“Today, we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than US$100 million in ransomware payments. We will continue to work closely alongside our partners, across the US government and around the world, to disrupt cyber crime operations like LockBit and to find and hold accountable those responsible for them.”

The Department of Justice also revealed that it has charged Khoroshev with a 26-count indictment for his crimes.

“Today’s indictment of LockBit developer and operator Dimitry Yuryevich Khoroshev continues the FBI’s ongoing disruption of the LockBit criminal ecosystem,” FBI director Christopher Wray said.

“The LockBit ransomware group represented one of the most prolific ransomware variants across the globe, causing billions of dollars in losses and wreaking havoc on critical infrastructure, including schools and hospitals. The charges announced today reflect the FBI’s unyielding commitment to disrupting ransomware organisations and holding the perpetrators accountable.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.