LockBit Boss Identified, Charged And Sanctioned By The US And Partners
Read also: a hacker-for-hire arrested in the UK, the BTC-e mastermind pleads guilty, and more.
LockBit ransomware boss identified, charged and sanctioned by the US and partners
In a coordinated effort, US, UK and Australian authorities, together with Europol, have revealed the identity of the mastermind behind the LockBit ransomware operation. Dmitry Yuryevich Khoroshev, a Russian national operating under the aliases 'LockBitSupp' and 'putincrab', has been disclosed as the key figure behind the notorious cybercriminal group.
Khoroshev has allegedly developed and administered the LockBit ransomware-as-a-service (RaaS) operation since its establishment in 2019, orchestrating attacks on over 2,500 victims across 120 countries. Over the duration of the scheme, it is estimated that at least $500 million in ransom payments was extorted from the victims, causing billions in losses. He managed the ransomware's infrastructure, recruited affiliates, and maintained a data leak site. Khoroshev received a significant share of the ransom payments, amassing around $100 million in digital currency.
The US and Australia have imposed sanctions on Khoroshev, including asset freezes and travel bans, and announced a $10 million reward for information leading to his arrest or conviction.
The LockBit operation was disrupted in February 2024 through a global law enforcement effort, resulting in arrests, server seizures, and the shutdown of cryptocurrency accounts. The UK's National Crime Agency played a lead role, seizing infrastructure and obtaining decryption keys, while US authorities indicted two Russian nationals linked to LockBit and other ransomware attacks.
BTC-e mastermind pleads guilty to money laundering
Alexander Vinnik, a Russian national and the suspected boss of BTC-e, has pleaded guilty to conspiracy to commit money laundering linked to his role in operating the cryptocurrency exchange from 2011 to 2017.
According to court documents, Vinnik was one of the key figures behind BTC-e, one of the globe's largest virtual currency exchanges. BTC-e was known as a preferred platform for cybercriminals seeking to transfer and launder proceeds from illicit activities, including ransomware attacks. Notably, BTC-e was linked to the breach of the now-defunct crypto exchange Mt. Gox after it was used to launder some 300,000 bitcoins obtained through the hack. BTC-e was shut down in July 2017.
At about the same time, Vinnik was apprehended by authorities while vacationing in Greece, following an international warrant issued by the US for his involvement in the operation of BTC-e. After the United States, France and Russia requested Vinnik’s extradition to their respective nations, a years-long extradition battle followed.
Eventually, Vinnik was sent to France in 2020, where he received a five-year prison sentence and a fine of €100,000. He was then returned to Greece before finally being sent to the United States to face charges against him.
An Australian man arrested for blackmail over NSW data breach
Australian law enforcement authorities have apprehended a Sydney man in connection with a significant data breach investigation involving the personal information of thousands of residents from New South Wales and the Australian Capital Territory.
The suspect, who was arrested over a data breach at Outabox, an IT provider used by dozens of hospitality venues, is accused of creating a website providing access to Outabox data. The compromised information purportedly included personal details, driver's license scans, signatures, birth dates used for patron sign-ins, and facial recognition data, totaling over 1 million records.
Authorities are still piecing together how the breach occurred. A spokesperson for Outabox said the company is aware of a potential breach of data by an unauthorized third party from a sign-in system used by its customers.
The 46-year-old suspect faces charges of blackmail and has been granted conditional bail, with a court appearance scheduled for June 12, 2024.
A hacker-for-hire arrested in the UK
Amit Forlit, an Israeli private investigator, was arrested at London's Heathrow Airport under an Interpol red notice while attempting to fly to Israel. The arrest, prompted by US authorities, is linked to allegations of cyberespionage.
Forlit is accused of participating in a hack-for-hire scheme with an unnamed US-based PR firm, reportedly paid $20 million to gather intelligence on the Argentinian debt crisis. The US charges against Forlit include conspiracy to commit computer hacking and wire fraud.
Despite extradition attempts, a judge in Westminster Magistrates’ Court dismissed the case due to a legal technicality regarding the timeframe for producing Forlit in court.
Additionally, Forlit faces separate accusations of computer hacking in New York, involving aviation executive Farhad Azima's emails. Forlit previously acknowledged obtaining the victim’s emails but denied the allegations of hacking, claiming that he came upon the emails “on the web.”
Six Austrians arrested in major crypto scam, over €750,000 seized
In a coordinated effort involving law enforcement agencies from Austria, Cyprus, and Czechia, six Austrian nationals have been apprehended for orchestrating an elaborate online cryptocurrency scam that promised lucrative returns to unsuspecting investors.
The scam, spanning from December 2017 to February 2018, involved what appeared to be a legitimate online trading company offering a new cryptocurrency. With an initial coin offering (ICO) amounting to 10 million tokens, or corresponding rights to the new currency, investors were lured in with promises of substantial profits. Payment for these tokens was accepted in cryptocurrencies like Bitcoin or Ethereum.
To lure in victims, the fraudsters claimed to have developed sophisticated software and a unique algorithm specifically tailored for token sales. In February 2018, the perpetrators abruptly closed all social media accounts associated with the project and took down the fake company's website, leading to suspicions of an elaborate exit scam.
Following an investigation, authorities conducted six house searches, resulting in the seizure of over €500,000 in cryptocurrencies and €250,000 in fiat currency. Additionally, dozens of bank accounts were frozen in connection with the scam. Two cars and a luxury property valued at €1.4 million were also confiscated.