Office of Public Affairs US Charges Russian National with Developing and Operating LockBit Ransomware United States Department of Justice
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
pp
This is archived content from the US Department of Justice website The information here may be outdated and links may no longer function Please contact webmasterusdojgov if you have any questions about the archive site
pp ppUS Attorney Philip R Sellinger for the District of New Jerseys recorded remarksppThe US Justice Department unsealed charges today against a Russian national for his alleged role as the creator developer and administrator of the LockBit ransomware group from its inception in September 2019 through the present At times LockBit was the most prolific ransomware group in the worldppEarlier this year the Justice Department and our UK law enforcement partners disrupted LockBit a ransomware group responsible for attacks on victims across the United States and around the world said Attorney General Merrick B Garland Today we are going a step further charging the individual who we allege developed and administered this malicious cyber scheme which has targeted over 2000 victims and stolen more than 100 million in ransomware payments We will continue to work closely alongside our partners across the US government and around the world to disrupt cybercrime operations like LockBit and to find and hold accountable those responsible for themppAs part of our unrelenting efforts to dismantle ransomware groups and protect victims the Justice Department has brought over two dozen criminal charges against the administrator of LockBit one of the worlds most dangerous ransomware organizations said Deputy Attorney General Lisa Monaco Working with US and international partners we are using all our tools to hold ransomware actors accountableand we continue to encourage victims to report cyberattacks to the FBI when they happen Reporting an attack could make all the difference in preventing the next oneppDimitry Yuryevich Khoroshev Дмитрий Юрьевич Хорошев also known as LockBitSupp LockBit and putinkrab 31 of Voronezh Russia is charged by a 26count indictment returned by a grand jury in the District of New JerseyppTodays indictment of LockBit developer and operator Dimitry Yuryevich Khoroshev continues the FBIs ongoing disruption of the LockBit criminal ecosystem said FBI Director Christopher Wray The LockBit ransomware group represented one of the most prolific ransomware variants across the globe causing billions of dollars in losses and wreaking havoc on critical infrastructure including schools and hospitals The charges announced today reflect the FBIs unyielding commitment to disrupting ransomware organizations and holding the perpetrators accountableppThe indictment against Khoroshev unsealed today follows a recent disruption of LockBit ransomware in February by the UK National Crime Agencys NCA Cyber Division which worked in cooperation with the Justice Department FBI and other international law enforcement partners As previously announced by the Department authorities disrupted LockBit by seizing numerous publicfacing websites used by LockBit to connect to the organizations infrastructure and by seizing control of servers used by LockBit administrators thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data That disruption succeeded in greatly diminishing LockBits reputation and its ability to attack further victims as alleged by the indictment unsealed todayppDmitry Khoroshev conceived developed and administered Lockbit the most prolific ransomware variant and group in the world enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe said US Attorney Philip R Sellinger for the District of New Jersey He thought he could do so hidden by his notorious moniker LockBitSupp anonymous and free of any consequence while he personally pocketed 100 million extorted from Lockbits victims Through relentless investigation and coordination with our partners at the Criminal Divisions Computer Crime and Intellectual Property Section the FBI and abroad we have proven him and his coconspirators wrong Todays indictment marks a significant milestone in the investigation and prosecution of LockBit which has already led to charges against five other LockBit affiliatestwo of whom are in custody awaiting trialand a major disruption of the now discredited LockBit operationppIn addition as previously announced law enforcement developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant Victims targeted by this malware are encouraged to contact the FBI at httpslockbitvictimsic3gov to enable law enforcement to determine whether affected systems can be successfully decryptedppAccording to the indictment and other documents previously unsealed in the District of New JerseyppKhoroshev and the LockBit Ransomware GroupppKhoroshev allegedly acted as the LockBit ransomware groups developer and administrator from its inception in or around September 2019 through May 2024 Khoroshev and his affiliate coconspirators grew LockBit into what was at times the most active and destructive ransomware variant in the world The LockBit ransomware group attacked more than 2500 victims in at least 120 countries including 1800 victims in the United States LockBit victims included individuals small businesses multinational corporations hospitals schools nonprofit organizations critical infrastructure and government and lawenforcement agencies Khoroshev and his coconspirators extracted at least 500 million in ransom payments from their victims and caused billions of dollars in broader losses such as lost revenue incident response and recoveryppKhoroshev allegedly designed LockBit to operate in the ransomwareasaservice RaaS model In his role as the LockBit developer and administrator Khoroshev arranged for the design of the LockBit ransomware code itself recruited other LockBit memberscalled affiliatesto deploy it against victims and maintained the LockBit infrastructure including an online software dashboard called a control panel to provide the affiliates with the tools necessary to deploy LockBit Khoroshev also maintained LockBits publicfacing websitecalled a data leak sitefor the publication of data stolen from victims who refused to pay a ransomppAs alleged in the indictment Khoroshevas the LockBit developertypically received a 20 share of each ransom payment extorted from LockBit victims The affiliate responsible for an attack would receive the remaining 80 During the scheme Khoroshev alone allegedly received at least 100 million in disbursements of digital currency through his developer shares of LockBit ransom paymentsppLockBit infrastructure seized by law enforcement through the February 2024 disruption allegedly showed that Khoroshev retained copies of data stolen from LockBit victims who had paid the demanded ransomppKhoroshev and his affiliate coconspirators had falsely promised those victims that their stolen data would be deleted after payment Moreover after the February 2024 disruption Khoroshev allegedly communicated with law enforcement and urged them to disclose the identities of his RaaS competitorswhom Khoroshev called his enemiesin exchange for his servicesppKhoroshev is charged with one count of conspiracy to commit fraud extortion and related activity in connection with computers one count of conspiracy to commit wire fraud eight counts of intentional damage to a protected computer eight counts of extortion in relation to confidential information from a protected computer and eight counts of extortion in relation to damage to a protected computer In total those charges carry a maximum penalty of 185 years in prison Each of the 26 counts charged by the indictment also carries a maximum fine of the greatest of 250000 pecuniary gain to the offender or pecuniary harm to the victimppThe LockBit InvestigationppWith the indictment unsealed today a total of six LockBit members have now been charged for their participation in the LockBit conspiracyppThe FBI Newark Field Office is investigating the LockBit ransomware variantppTrial Attorneys Jessica C Peck Debra Ireland and Jorge Gonzalez of the Criminal Divisions Computer Crime and Intellectual Property Section CCIPS and Assistant US Attorneys Andrew M Trombly David E Malagold and Vinay Limbachia for the District of New Jersey are prosecuting the charges against KhoroshevppThe Justice Departments Cybercrime Liaison Prosecutor to Eurojust Office of International Affairs and National Security Division also provided significant assistanceppAdditionally the Department of the Treasurys Office of Foreign Assets Control announced today that it is designating Khoroshev for his role in launching cyberattacks For more information visit httpshometreasurygovnewspressreleasesjy2326 Authorities in the United Kingdom and Australia also announced sanctions today against KhoroshevppThe Department of State also announced today a reward of up to 10 million for information that leads to the apprehension of Khoroshev Information that may be eligible for this award can be submitted by email at fbisuppfbigov Telegram at LockbitRewards Signal at FBISupp01 and tox B0B98577F0541160C745B464E42C9AB782B036682FAD59D5F228EA75BF71691BE68A8E08BD55 The reward announced today supplements a previous reward of up to 10 million for information leading to the identification of any individual who holds a leadership position in the criminal group behind LockBit ransomware For more information on this reward visit Reward for Information LockBit RansomwareasaServiceppVictims of LockBit should contact the FBI at httpslockbitvictimsic3gov for further information Additional details on protecting networks against LockBit ransomware are available at StopRansomwaregov These include Cybersecurity and Infrastructure Security Agency Advisories AA23325A AA23165A and AA23075A ppAn indictment is merely an allegation Under US law all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of lawppThe Justice Department announced the disruption of an ongoing terrorist financing scheme through the seizure of approximately 201400 in cryptocurrency held in wallets and accounts intended to benefit Harakat alMuqawamappA federal jury in Cleveland convicted a Texas man today for writing and deploying malicious code on his former employers networkppThe Justice Department announced today a coordinated action with Germany and Finland to disrupt and take down the online infrastructure used to operate Garantex a cryptocurrency exchange that allegedly facilitatedppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
pp
This is archived content from the US Department of Justice website The information here may be outdated and links may no longer function Please contact webmasterusdojgov if you have any questions about the archive site
pp ppUS Attorney Philip R Sellinger for the District of New Jerseys recorded remarksppThe US Justice Department unsealed charges today against a Russian national for his alleged role as the creator developer and administrator of the LockBit ransomware group from its inception in September 2019 through the present At times LockBit was the most prolific ransomware group in the worldppEarlier this year the Justice Department and our UK law enforcement partners disrupted LockBit a ransomware group responsible for attacks on victims across the United States and around the world said Attorney General Merrick B Garland Today we are going a step further charging the individual who we allege developed and administered this malicious cyber scheme which has targeted over 2000 victims and stolen more than 100 million in ransomware payments We will continue to work closely alongside our partners across the US government and around the world to disrupt cybercrime operations like LockBit and to find and hold accountable those responsible for themppAs part of our unrelenting efforts to dismantle ransomware groups and protect victims the Justice Department has brought over two dozen criminal charges against the administrator of LockBit one of the worlds most dangerous ransomware organizations said Deputy Attorney General Lisa Monaco Working with US and international partners we are using all our tools to hold ransomware actors accountableand we continue to encourage victims to report cyberattacks to the FBI when they happen Reporting an attack could make all the difference in preventing the next oneppDimitry Yuryevich Khoroshev Дмитрий Юрьевич Хорошев also known as LockBitSupp LockBit and putinkrab 31 of Voronezh Russia is charged by a 26count indictment returned by a grand jury in the District of New JerseyppTodays indictment of LockBit developer and operator Dimitry Yuryevich Khoroshev continues the FBIs ongoing disruption of the LockBit criminal ecosystem said FBI Director Christopher Wray The LockBit ransomware group represented one of the most prolific ransomware variants across the globe causing billions of dollars in losses and wreaking havoc on critical infrastructure including schools and hospitals The charges announced today reflect the FBIs unyielding commitment to disrupting ransomware organizations and holding the perpetrators accountableppThe indictment against Khoroshev unsealed today follows a recent disruption of LockBit ransomware in February by the UK National Crime Agencys NCA Cyber Division which worked in cooperation with the Justice Department FBI and other international law enforcement partners As previously announced by the Department authorities disrupted LockBit by seizing numerous publicfacing websites used by LockBit to connect to the organizations infrastructure and by seizing control of servers used by LockBit administrators thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data That disruption succeeded in greatly diminishing LockBits reputation and its ability to attack further victims as alleged by the indictment unsealed todayppDmitry Khoroshev conceived developed and administered Lockbit the most prolific ransomware variant and group in the world enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe said US Attorney Philip R Sellinger for the District of New Jersey He thought he could do so hidden by his notorious moniker LockBitSupp anonymous and free of any consequence while he personally pocketed 100 million extorted from Lockbits victims Through relentless investigation and coordination with our partners at the Criminal Divisions Computer Crime and Intellectual Property Section the FBI and abroad we have proven him and his coconspirators wrong Todays indictment marks a significant milestone in the investigation and prosecution of LockBit which has already led to charges against five other LockBit affiliatestwo of whom are in custody awaiting trialand a major disruption of the now discredited LockBit operationppIn addition as previously announced law enforcement developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant Victims targeted by this malware are encouraged to contact the FBI at httpslockbitvictimsic3gov to enable law enforcement to determine whether affected systems can be successfully decryptedppAccording to the indictment and other documents previously unsealed in the District of New JerseyppKhoroshev and the LockBit Ransomware GroupppKhoroshev allegedly acted as the LockBit ransomware groups developer and administrator from its inception in or around September 2019 through May 2024 Khoroshev and his affiliate coconspirators grew LockBit into what was at times the most active and destructive ransomware variant in the world The LockBit ransomware group attacked more than 2500 victims in at least 120 countries including 1800 victims in the United States LockBit victims included individuals small businesses multinational corporations hospitals schools nonprofit organizations critical infrastructure and government and lawenforcement agencies Khoroshev and his coconspirators extracted at least 500 million in ransom payments from their victims and caused billions of dollars in broader losses such as lost revenue incident response and recoveryppKhoroshev allegedly designed LockBit to operate in the ransomwareasaservice RaaS model In his role as the LockBit developer and administrator Khoroshev arranged for the design of the LockBit ransomware code itself recruited other LockBit memberscalled affiliatesto deploy it against victims and maintained the LockBit infrastructure including an online software dashboard called a control panel to provide the affiliates with the tools necessary to deploy LockBit Khoroshev also maintained LockBits publicfacing websitecalled a data leak sitefor the publication of data stolen from victims who refused to pay a ransomppAs alleged in the indictment Khoroshevas the LockBit developertypically received a 20 share of each ransom payment extorted from LockBit victims The affiliate responsible for an attack would receive the remaining 80 During the scheme Khoroshev alone allegedly received at least 100 million in disbursements of digital currency through his developer shares of LockBit ransom paymentsppLockBit infrastructure seized by law enforcement through the February 2024 disruption allegedly showed that Khoroshev retained copies of data stolen from LockBit victims who had paid the demanded ransomppKhoroshev and his affiliate coconspirators had falsely promised those victims that their stolen data would be deleted after payment Moreover after the February 2024 disruption Khoroshev allegedly communicated with law enforcement and urged them to disclose the identities of his RaaS competitorswhom Khoroshev called his enemiesin exchange for his servicesppKhoroshev is charged with one count of conspiracy to commit fraud extortion and related activity in connection with computers one count of conspiracy to commit wire fraud eight counts of intentional damage to a protected computer eight counts of extortion in relation to confidential information from a protected computer and eight counts of extortion in relation to damage to a protected computer In total those charges carry a maximum penalty of 185 years in prison Each of the 26 counts charged by the indictment also carries a maximum fine of the greatest of 250000 pecuniary gain to the offender or pecuniary harm to the victimppThe LockBit InvestigationppWith the indictment unsealed today a total of six LockBit members have now been charged for their participation in the LockBit conspiracyppThe FBI Newark Field Office is investigating the LockBit ransomware variantppTrial Attorneys Jessica C Peck Debra Ireland and Jorge Gonzalez of the Criminal Divisions Computer Crime and Intellectual Property Section CCIPS and Assistant US Attorneys Andrew M Trombly David E Malagold and Vinay Limbachia for the District of New Jersey are prosecuting the charges against KhoroshevppThe Justice Departments Cybercrime Liaison Prosecutor to Eurojust Office of International Affairs and National Security Division also provided significant assistanceppAdditionally the Department of the Treasurys Office of Foreign Assets Control announced today that it is designating Khoroshev for his role in launching cyberattacks For more information visit httpshometreasurygovnewspressreleasesjy2326 Authorities in the United Kingdom and Australia also announced sanctions today against KhoroshevppThe Department of State also announced today a reward of up to 10 million for information that leads to the apprehension of Khoroshev Information that may be eligible for this award can be submitted by email at fbisuppfbigov Telegram at LockbitRewards Signal at FBISupp01 and tox B0B98577F0541160C745B464E42C9AB782B036682FAD59D5F228EA75BF71691BE68A8E08BD55 The reward announced today supplements a previous reward of up to 10 million for information leading to the identification of any individual who holds a leadership position in the criminal group behind LockBit ransomware For more information on this reward visit Reward for Information LockBit RansomwareasaServiceppVictims of LockBit should contact the FBI at httpslockbitvictimsic3gov for further information Additional details on protecting networks against LockBit ransomware are available at StopRansomwaregov These include Cybersecurity and Infrastructure Security Agency Advisories AA23325A AA23165A and AA23075A ppAn indictment is merely an allegation Under US law all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of lawppThe Justice Department announced the disruption of an ongoing terrorist financing scheme through the seizure of approximately 201400 in cryptocurrency held in wallets and accounts intended to benefit Harakat alMuqawamappA federal jury in Cleveland convicted a Texas man today for writing and deploying malicious code on his former employers networkppThe Justice Department announced today a coordinated action with Germany and Finland to disrupt and take down the online infrastructure used to operate Garantex a cryptocurrency exchange that allegedly facilitatedppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
