{"id":619716,"date":"2024-05-08T17:26:03","date_gmt":"2024-05-08T14:26:03","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever\/"},"modified":"2024-05-08T17:26:03","modified_gmt":"2024-05-08T14:26:03","slug":"meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever\/","title":{"rendered":"#Meet the leader of LockBit, the &#8216;most active ransomware gang ever\u2019"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3fbfda7b86d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3fbfda7b86d\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever\/#Who_and_where_is_LockBits_leader\" >Who and where is LockBit\u2019s leader?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever\/#Ransomware_risks_and_rewards\" >Ransomware risks and rewards<\/a><\/li><\/ul><\/nav><\/div>\n<div id=\"article-main-content\">\n                            Cybercrime hunters have unmasked the alleged leader of LockBit, a hacker network dubbed the \u201cmost active ransomware group ever.\u201d<\/p>\n<p><span>LockBit gained global notoriety for holding victims\u2019 <\/span>data<span>\u00a0to ransom and ransomware-as-a-service, whereby it licenses malware to other\u00a0<\/span>hackers<span>. <\/span><\/p>\n<p><span>According to Europol, the gang was behind the world\u2019s most deployed ransomware <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/law-enforcement-disrupt-worlds-biggest-ransomware-operation#:~:text=The%20world's%20most%20harmful%20ransomware,ransomware%20variant%20across%20the%20world.\">in 2022<\/a> \u2014 causing billions of euros worth of damage. <\/span><\/p>\n<p><span>Among the high-profile victims are US aerospace giant <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/10\/30\/security_in_brief\/\">Boeing<\/a>, Britain\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/lockbit-ransomware-group-threatens-publish-stolen-royal-mail-data-techcrunch-2023-02-07\/\">Royal Mail<\/a>\u00a0and German automotive titan \u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.lesechos.fr\/tech-medias\/hightech\/continental-victime-dune-cyberattaque-a-50-millions-de-dollars-1879191\">Continental<\/a>. Russian entities, however, are notably absent from the list of targets. <\/span><\/p>\n<p><span>It will therefore come as little surprise that the gang\u2019s reputed mastermind is a Russian national. <\/span><\/p>\n<p><span>In his online life, he used the alias LockBitSupp. In the real world, his name is Dmitry Khoroshev.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1406426 js-lazy\" alt=\"Dmitry Khoroshev, the administrator and developer of the LockBit ransomware group \" width=\"1080\" height=\"1080\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3.png\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3.png 1080w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-210x210.png 210w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-135x135.png 135w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-270x270.png 270w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-796x796.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-192x192.png 192w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fdata-security%2F2024%2F05%2F08%2Fmeet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Dmitry Khoroshev was unmasked to find new leads about his whereabouts. Credit: NCA\" data-title=\"Share Dmitry Khoroshev was unmasked to find new leads about his whereabouts. Credit: NCA on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Dmitry Khoroshev was unmasked to find new leads about his whereabouts. Credit: NCA on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Dmitry Khoroshev was unmasked to find new leads about his whereabouts. Credit: NCA<\/figcaption><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1406426\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3.png\" alt=\"Dmitry Khoroshev, the administrator and developer of the LockBit ransomware group \" width=\"1080\" height=\"1080\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3.png 1080w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-210x210.png 210w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-135x135.png 135w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-270x270.png 270w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-796x796.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/05\/Identity_reveal_v3-192x192.png 192w\"\/><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Who_and_where_is_LockBits_leader\"><\/span>Who and where is LockBit\u2019s leader?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Britain\u2019s National Crime Agency (NCA) unmasked <span>Khoroshev on Tuesday. The agency claimed that he served as the <\/span>administrator and developer of LockBit.<\/p>\n<p><span>Khoroshev was also suspected of penning a message declaring support for Donald Trump. The <\/span>dubious endorsement emerged in February after a coalition of <span>law enforcement agencies disrupted LockBit\u2019s operations. The takedown compromised the gang\u2019s \u201cprimary platform and critical infrastructure,\u201d Europol said. <\/span><\/p>\n<p><span>Just days later, LockBit\u2019s purported leader wrote a post on the Dark Web blaming their \u201cpersonal negligence and irresponsibility\u201d for the infiltration. The message also included an <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>arent list of corporate victims and that\u00a0dubious endorsement of Trump.<\/span><\/p>\n<p>Khoroshev was so confident of his anonymity that he once promised a $10mn (\u20ac9.3mn) reward to anyone who could reveal his identity. By showing his <span style=\"color: #030303;\">face<\/span>, the NCA has removed his veil.<\/p>\n<p><span>The agency also hopes that the unmasking will lead to evidence about his whereabouts.<\/span><\/p>\n<p>\u201cThe NCA has clearly come to a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of dead ends in their investigations and the unmasking of LockBit\u2019s leader will potentially reignite a flurry of new leads,\u201d Jake Moore, Global Cybersecurity Advisor at Slovakian software firm <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.eset.com\/\">ESET<\/a>, told TNW.<\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404089 js-lazy\" alt=\"Graphic of the cybercrime agencies who have taken down Lockbit\" width=\"1280\" height=\"720\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5.jpeg\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5.jpeg 1280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-280x158.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-796x448.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-1200x675.jpeg 1200w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fdata-security%2F2024%2F05%2F08%2Fmeet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The February\u00a0 which includes the takedown of 34 servers spanning Europe, the US, and Australia. Credit: NCA\" data-title=\"Share The February\u00a0 which includes the takedown of 34 servers spanning Europe, the US, and Australia. Credit: NCA on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The February\u00a0 which includes the takedown of 34 servers spanning Europe, the US, and Australia. Credit: NCA on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>The February\u00a0 which includes the takedown of 34 servers spanning Europe, the US, and Australia. Credit: NCA<\/figcaption><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404089\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5.jpeg\" alt=\"Graphic of the cybercrime agencies who have taken down Lockbit\" width=\"1280\" height=\"720\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5.jpeg 1280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-280x158.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-796x448.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-5-1200x675.jpeg 1200w\"\/><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Ransomware_risks_and_rewards\"><\/span>Ransomware risks and rewards<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span> US authorities have also promised up to $10mn (\u20ac9.3mn) for information that leads to Khoroshev\u2019s arrest and\/or conviction. <\/span><\/p>\n<p><span>Due to his anonymity, the reward is likely targeted at Khoroshev\u2019s inner circle, Moore said.<\/span><\/p>\n<p>The eye-catching unmasking via a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/NCA_UK\/status\/1787845496574222782\">depixelating GIF<\/a> could also encourage internet sleuths to join the case. But these very public tactics do come with a risk.<\/p>\n<p>\u201cUnmasking a cybercriminal can be very powerful but it can also have an adverse effect by flaming the ego of the individuals and bringing great kudos to their operations in underground forums and certain peer groups,\u201d Moore said.<\/p>\n<p>\u201cHowever, the NCA has clearly weighed this up and feel certain that this is now the time to bring in public assistance.\u201d<\/p>\n<p>Moore expects the NCA to now quickly ascertain <span>Khoroshev\u2019s<\/span> whereabouts. The bigger challenge will be gaining enough evidence to prosecute the LockBit leader and his ransomware gang.\n                        <\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/meet-the-leader-of-lockbit-the-most-active-ransomware-gang-ever\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercrime hunters have unmasked the alleged leader of LockBit, a hacker network dubbed the \u201cmost active ransomware group ever.\u201d LockBit gained global notoriety for holding victims\u2019 data\u00a0to ransom and ransomware-as-a-service, whereby it licenses malware to other\u00a0hackers. According to Europol, the gang was behind the world\u2019s most deployed ransomware in 2022 \u2014 causing billions of euros&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-619716","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/619716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=619716"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/619716\/revisions"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=619716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=619716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=619716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}