UK and allies sanction Russian leader of ransomware gang

Russian national Dmitry Khoroshev has been sanctioned as part of a crackdown on cyber crime group LockBit.

LockBit’s leader has been sanctioned
LockBit’s leader has been sanctioned (Tim Goode/PA)

The UK, US and Australia have sanctioned the Russian leader of one of the world’s most prolific ransomware groups, LockBit.

As part of an ongoing international law enforcement investigation, Russian national Dmitry Khoroshev has been identified as one of the leaders of the group, which the Government says has been responsible for extorting more than one billion dollars from victims globally.

As part of the sanctions, the Foreign Office said he would now be subject to a series of asset freezes and travel bans.

According to the Government, LockBit was responsible for a quarter of ransomware attacks globally last year – including targeting more than 200 UK businesses.

In February, the National Crime Agency announced that it had infiltrated LockBit’s network and taken control of its services, significantly reducing the group’s capacity and threat, it said.

Sanctions minister Anne-Marie Trevelyan said: “Together with our allies we will continue to crack down on hostile cyber activity which is destroying livelihoods and businesses across the world.

“In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cybercriminal activity emanating from Russia.”

National Crime Agency director general, Graeme Biggar, said: “These sanctions are an important moment in our fight against cybercriminals behind the LockBit ransomware group, which is now on its knees following our disruption earlier this year.

“They have caused untold damage to schools, hospitals and major companies across the world, who’ve had to pick up the pieces following devastating cyber attacks.

“Dmitry Khoroshev thought he was beyond reproach, even offering 10 million dollars to anyone who could reveal his identity, but these actions dispel that myth.

“Our investigation into LockBit and its affiliates continues and, working with our international partners, we’ll do everything we can to undermine their operations and protect the public.”

The announcement comes following the revelation that the UK’s Ministry of Defence (MoD) had been targeted in a cyber attack, which saw a third-party payroll system hacked, potentially compromising the bank details of service personnel and veterans, with speculation the attack had been carried out by China.