Nicole M. Argentieri

Deputy Assistant Attorney General Nicole M. Argentieri announced the indictments against a Russian national the Department of Justice alleges headed the LockBit ransomware hacking group.

Credit: Provided by DOJ

The U.S. Department of Justice has indicted and charged a Russian national who used a hacking group to launch cyberattacks on more than 2,000 victims, including Fulton County, to steal more than $100 million.

The DOJ alleged that 31-year-old Russian national Dmitry Yuryevich Khoroshev is the leader of the ransomware group LockBit. The U.S. agency also joined United Kingdom and Australian law enforcement partners in sanctioning Khoroshev, according to a May 7 DOJ press release.

Khoroshev – also known as LockBitSupp, LockBit, and putinkrab – of Voronezh, Russia, is charged with a 26-count indictment, returned by a federal grand jury in the District of New Jersey.

“As part of our unrelenting efforts to dismantle ransomware groups and protect victims, the Justice Department has brought over two dozen criminal charges against the administrator of LockBit, one of the world’s most dangerous ransomware organizations,” said Deputy Attorney General Lisa Monaco in the release.

The U.K. National Crime Agency’s (NCA) Cyber Division worked in cooperation with the DOJ, FBI, and other international law enforcement partners to disrupt Lockbit ransomware in February. They seized public-facing websites LockBit used to connect its infrastructure by taking control of servers used by LockBit administrators.

Earlier this year, Lockbit attacked Fulton County, shutting down some services for weeks. Fulton Commission Chairman Robb Pitts confirmed on Feb. 29 that the county did not pay any ransomware request. The hacking group never released any data it claimed to have stolen from Fulton County.

A blog called Krebs on Security reported at the time that security experts said that LockBit likely was bluffing and lost most of the data when law enforcement seized its servers on Feb. 20.

Khoroshev allegedly designed the ransomware group to operate in the “ransomware-as-a-service” model, according to the release. The release further alleges that in his role as LockBit’s developer and administrator, he arranged for the design of the LockBit ransomware code, recruited other LockBit members to deploy it against victims, and maintained the LockBit infrastructure, including an online software dashboard called a “control panel” to give affiliates the tools necessary to deploy LockBit.

Khoroshev allegedly received a 20 percent share of each ransom payment extorted from LockBit’s victims.

The indictment’s 26 counts carry a maximum penalty of 185 years in prison. Each count also carries a maximum fine of whichever is greatest, $250,000 or the demonstrable economic injury to the victim or demonstrable gain to the offender.

The U.S. State Department announced a reward of up to $10 million for information that led to Khoroshev’s apprehension. That supplements a previous $10 million reward for information leading to the identification of anyone who holds a leadership position in the criminal group behind LockBit ransomware.

This story comes to GPB through a reporting partnership with Rough Draft Atlanta.