The UK, US and Australia have sanctioned the Russian leader of one of the world’s most prolific ransomware groups, LockBit.
As part of an ongoing international law enforcement investigation, Russian national Dmitry Khoroshev has been identified as one of the leaders of the group, which the Government says has been responsible for extorting more than one billion dollars from victims globally.
As part of the sanctions, the Foreign Office said he would now be subject to a series of asset freezes and travel bans.
According to the Government, LockBit was responsible for a quarter of ransomware attacks globally last year – including targeting more than 200 UK businesses.
In February, the National Crime Agency announced that it had infiltrated LockBit’s network and taken control of its services, significantly reducing the group’s capacity and threat, it said.
Sanctions minister Anne-Marie Trevelyan said: “Together with our allies we will continue to crack down on hostile cyber activity which is destroying livelihoods and businesses across the world.
“In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cybercriminal activity emanating from Russia.”
National Crime Agency director general, Graeme Biggar, said: “These sanctions are an important moment in our fight against cybercriminals behind the LockBit ransomware group, which is now on its knees following our disruption earlier this year.
“They have caused untold damage to schools, hospitals and major companies across the world, who’ve had to pick up the pieces following devastating cyber attacks.
“Dmitry Khoroshev thought he was beyond reproach, even offering 10 million dollars to anyone who could reveal his identity, but these actions dispel that myth.
“Our investigation into LockBit and its affiliates continues and, working with our international partners, we’ll do everything we can to undermine their operations and protect the public.”
The announcement comes following the revelation that the UK’s Ministry of Defence (MoD) had been targeted in a cyber attack, which saw a third-party payroll system hacked, potentially compromising the bank details of service personnel and veterans, with speculation the attack had been carried out by China.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here