LockBitSupp, the administrator of the infamous LockBit ransomware group, has taken a bold step by responding publicly to the efforts of the Federal Bureau of Investigation (FBI) and international law enforcement to identify and apprehend him.
After reclaiming previously seized domains, law enforcement revealed Dmitry Yuryevich Khoroshev as the mastermind behind the LockBit operations in a recent public announcement. This announcement was followed by the imposition of official sanctions by the U.S., U.K., and Australia, along with 26 criminal charges against Khoroshev ranging from extortion to hacking. The charges collectively carry a potential maximum sentence of 185 years imprisonment.
Moreover, the Justice Department has announced a remarkable $10 million reward for any information that leads to the capture of Khoroshev. Despite these serious allegations and consequences, LockBitSupp denied any involvement and sought to transform the situation into a strange competition on the group’s remaining leak site.
The LockBit admin initiated a post on the leak site announcing a new contest to encourage individuals to make contact with Dmitry Yuryevich Khoroshev. In the post, LockBitSupp asserted that the FBI had made a mistaken identification and that the named individual is not the true LockBitSupp. The admin tried to explain the alleged misidentification as a consequence of a mix-up of cryptocurrencies between the ransomware admin’s funds and their own, which they believe drew the attention of the FBI.
Cryptocurrency mixing is a process used to blend different streams of potentially identifiable cryptocurrency to enhance the anonymity of transactions. The contest launched by LockBitSupp invites participants to reach out to the individual believed to be Khoroshev and report back on his well-being in exchange for a $1000 reward. The admin specified that the first person to provide evidence such as videos, photos, or screenshots confirming contact with the individual would receive the reward.
Participants were directed to send their findings via an encrypted messaging platform called Tox, using a specific Tox ID provided by LockBitSupp. Additionally, LockBitSupp shared multiple links to LockBit-associated file-sharing services on the dark web for individuals to archive details and submit them as contest entries. The admin also listed extensive personal details alleged to belong to Dmitry Khoroshev, including email addresses, a Bitcoin wallet address, passport, and tax identification numbers.
Amidst the challenging stance and contest announcement, LockBitSupp expressed concern for the well-being of the person mistakenly identified as them, urging Khoroshev to make contact if he is alive and aware of the situation. This unconventional move by LockBitSupp aims to counter the statements made by law enforcement agencies and highlights the intricate dynamics of the cyber underworld, where hackers openly taunt their pursuers.
LockBitSupp emphasized that the contest will continue as long as the announcement remains visible on the blog and hinted at the possibility of more contests in the future with greater rewards. The announcement was uploaded and last updated on May 9, 2024, UTC, keeping the public and the cybersecurity community on high alert for further developments.
Recent indictments have identified Khoroshev as the mastermind behind LockBit’s operations, serving as the group’s administrator since September 2019. It was revealed that Khoroshev and the LockBit group extorted over $500 million from victims in 120 countries worldwide, with Khoroshev allegedly receiving around $100 million from this illicit activity.
As the saga unfolds, the cyber world remains captivated by the audacious moves of LockBitSupp and the ongoing efforts of law enforcement to bring him to justice. The cybersecurity community continues to monitor the situation closely, waiting for any new developments to emerge.