LockBit leader revealed: What it means for ransomware

The words 'LockBit leader revealed: What it means for ransomware‘ overlaid on a lightly-blurred, abstract red grain. Decorative: the words 'LockBit' and 'ransomware' are in yellow, while other words are in white. The ITPro podcast logo is in the bottom right corner.
(Image credit: Future/Unsplash - Jason Leung)

The LockBit ransomware group recently suffered another major blow at the hands of international law enforcement, as the UK’s NCA revealed the name and face of the group’s long-sought-after leader.

Dmitry Khoroshev, known as ‘LockBitSupp’ on the dark web, was unmasked by the UK’s National Crime Agency (NCA) while the US Department of Justice announced a 26-count indictment against him.

While this is a significant development in the fight against the group, what does it mean for LockBit in the long term and could it have lasting impacts on the ransomware landscape?

In this episode, Jane and Rory speak to speaking to Solomon Klappholz, staff writer at ITPro and our resident expert on all things cyber security, to get us up to speed on the LockBit situation and explore what it means in more detail. 


“I think this will definitely put the rest of LockBit on red alert, if you will. The DoJ has issued a package of sanctions alongside this bounty, which was to freeze assets and impose travel bans on anyone named to be affiliated with LockBit. So a lot of the cases where previous arrests were made, where cyber criminals had left Russia and were sort of caught on holiday or reveling in Monaco, I think that's less likely now. They're probably going to be living undercover due to this heightened attention they're getting receiving.”


“The NCA released information on how many affiliates were working for LockBit and how they were involved in LockBit’s operations. So I think in total there, they found evidence of 194 affiliates working with LockBit: 46 of these never built an attack, 29 had no victims enter negotiations to pay a ransom and a further 39 negotiated with targets but never got paid. I think what's interesting about that is being a ransomware affiliate, therefore, is quite an uncertain and precarious position. You don't know where your next paycheck might come from.”

“I think that's actually a particularly significant blow to LockBit, hurting their reputation and credibility like that. It's less likely businesses will cooperate with them after they've been compromised, so I think it's important for threat collectives to try and maintain the illusion of trustworthiness or some moral compass.”



Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.