Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Top LockBit hacker revealed to be Russian

Dmitry Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity,

Barney Davis
Tuesday 07 May 2024 12:51 EDT
Dmitry Khoroshev, AKA LockBitSupp
Dmitry Khoroshev, AKA LockBitSupp (NCA)

A top hacker who is believed to have been behind a number of high profile cyberattacks on the West including one on the Royal Mail has been revealed as a Russian national.

Dmitry Khoroshev has been unmasked as the administrator and developer of the LockBit ransomware group and landed with asset freezes and travel bans by the National Crime Agency (NCA) working with the FBI and other international partners.

Khoroshev, who was known under the name AKA LockBitSupp, thrived on his anonymity, according to the NCA who previously offered a $10 million reward to anyone who could reveal his identity.

The site had been used by LockBit to sell services, including ransomware, to hackers which would allow them to breach people’s computer networks.

The group is believed to have been behind a number of high profile cyber attacks in recent years, including one on Royal Mail last year.

The LockBit website was taken over by law enforcement (NCA/PA)
The LockBit website was taken over by law enforcement (NCA/PA) (NCA/PA)

Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

In February the website was taken under the control of the UK’s National Crime Agency “working in close cooperation with the FBI and the international law enforcement task force, Operation Cronos”.

Data obtained from their systems showed that between June 2022 and February 2024, more than 7,000 attacks were built using their services. The top five countries hit were the US, UK, France, Germany and China.

Attacks targeted over 100 hospitals and healthcare companies and at least 2,110 victims were forced into some degree of negotiation by cyber criminals.

After an affiliate attack against a children’s hospital in December 2022, LockBitSupp issued an apologetic statement on their leak site and confirmed it had provided the decryptor to the victims for free.

LockBitSupp revealed to be Dmitry Khoroshev
LockBitSupp revealed to be Dmitry Khoroshev (NCA)

NCA Director General Graeme Biggar said: “These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong.

“We know our work to disrupt LockBit thus far has been extremely successful in degrading their capability and credibility among the criminal community. The group’s attempt at rebuilding has resulted in a much less sophisticated enterprise with significantly reduced impact.”

Sanctions Minister, Anne-Marie Trevelyan added: “In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cyber-criminal activity emanating from Russia.”

The revelation came as prime minister Rishi Sunak has declined to identify the “malign actor” behind a cyber attack on the Ministry of Defence (MoD) revealed on Monday amid speculation China carried out the hack.

The government has confirmed that a third-party payroll system was hacked, potentially compromising the bank details of service personnel and veterans. A very small number of addresses may also have been accessed.

Speaking to broadcasters in south-east London, Mr Sunak said there were “indications that a malign actor” had compromised the database, but declined to attribute the attack to a specific state or “actor”.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in