The LockBit ransomware group recently suffered another major blow at the hands of international law enforcement, as the UK’s NCA revealed the name and face of the group’s long-sought-after leader.
Dmitry Khoroshev, known as ‘LockBitSupp’ on the dark web, was unmasked by the UK’s National Crime Agency (NCA) while the US Department of Justice announced a 26-count indictment against him.
While this is a significant development in the fight against the group, what does it mean for LockBit in the long term and could it have lasting impacts on the ransomware landscape?
In this episode, Jane and Rory speak to speaking to Solomon Klappholz, staff writer at ITPro and our resident expert on all things cyber security, to get us up to speed on the LockBit situation and explore what it means in more detail.
Highlights
“I think this will definitely put the rest of LockBit on red alert, if you will. The DoJ has issued a package of sanctions alongside this bounty, which was to freeze assets and impose travel bans on anyone named to be affiliated with LockBit. So a lot of the cases where previous arrests were made, where cyber criminals had left Russia and were sort of caught on holiday or reveling in Monaco, I think that's less likely now. They're probably going to be living undercover due to this heightened attention they're getting receiving.”
“The NCA released information on how many affiliates were working for LockBit and how they were involved in LockBit’s operations. So I think in total there, they found evidence of 194 affiliates working with LockBit: 46 of these never built an attack, 29 had no victims enter negotiations to pay a ransom and a further 39 negotiated with targets but never got paid. I think what's interesting about that is being a ransomware affiliate, therefore, is quite an uncertain and precarious position. You don't know where your next paycheck might come from.”
“I think that's actually a particularly significant blow to LockBit, hurting their reputation and credibility like that. It's less likely businesses will cooperate with them after they've been compromised, so I think it's important for threat collectives to try and maintain the illusion of trustworthiness or some moral compass.”
Footnotes
- LockBit mastermind unmasked by law enforcement
- LockBit could be done and dusted after NCA operation gained access to admin environments, source code, and affiliate info
- February rundown: LockBit takedown and ChatGPT woes
- LockBit rises from the ashes, but will it pack the same punch as before?
- The 'Big Three’ ransomware groups are losing their grip on the industry as gangs begin to fracture, study shows
- ALPHV leak site seized by law enforcement as decryption tool released
- Qakbot forced offline, but history suggests it probably won’t be forever
- This ransomware variant has now been used against 500 targets — here's what you need to know
- What are the different types of ransomware?
- What you need to know about the new NCSC ransomware guidance
- “Security has to work together”: Cyber collaboration as a mission at CPX 2024
- The end of ransomware payments: How businesses fit into the fight
Subscribe
