Takedown of the LockBit Ransomware Group: Global Takedown Cases 2024
Feb. 27, 2025
In May 2024, a joint task force comprising the United States, the United Kingdom, and Australia launched "Operation Cronos," identifying Dmitry Yuryevich Khoroshev as a key member of the LockBit ransomware group. This report provides an in-depth analysis of this major international cybercrime takedown.
- Incident
Table of Contents
Incident
Identification and Sanctions Against a Key Member of the LockBit Ransomware Group
On May 7, 2024, a joint task force comprising the United States, the United Kingdom, and Australia identified and sanctioned Dmitry Yuryevich Khoroshev, a Russian national and key member of the globally infamous LockBit ransomware group. The operation, named "Operation Cronos," dealt a major blow to LockBit's infrastructure.
What is LockBit?
LockBit is a ransomware group that began operations in September 2019. It operates under a Ransomware-as-a-Service (RaaS) model and is believed to have extorted approximately $500 million in ransom payments from over 2,500 victims worldwide.
Its victims include:
- Individuals and small businesses
- Multinational corporations
- Hospitals and schools
- Nonprofit organizations
- Critical infrastructure
- Government agencies and law enforcement institutions
Details of Operation Cronos
In February 2024, an international law enforcement coalition led by the UK’s National Crime Agency (NCA) and the FBI launched Operation Cronos, targeting LockBit's infrastructure. The operation resulted in:
✅ Seizure of LockBit's public websites and servers
✅ Confiscation of cryptocurrency assets
✅ Acquisition of decryption keys to assist victims in recovering their data
Identification and Sanctions Against Dmitry Yuryevich Khoroshev
As a result of Operation Cronos, Dmitry Yuryevich Khoroshev (31, from Voronezh, Russia), who operated under the alias "LockBitSupp", was identified as the administrator and developer of LockBit. He was one of the founding members of the group and played a key role in its development, operation, and management.
- The U.S. Department of Justice (DOJ) has indicted Khoroshev on 26 counts.
- The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has frozen his assets and imposed a travel ban.
International Cooperation and Future Outlook
Operation Cronos was a joint effort involving international law enforcement agencies from the UK, the US, Australia, and other nations. This operation underscores the importance of global collaboration in combating cybercrime.
Although LockBit’s leader has been identified and its infrastructure has been significantly dismantled, cybercriminals may regroup and adopt new tactics. Ongoing vigilance and enhanced cybersecurity measures are essential to counter future threats.
Source
https://www.chainalysis.com/blog/nca-ofac-sanctions-dmitry-khoroshev-lockbit-ransomware-2024/
https://www.theverge.com/2024/12/20/24326156/us-lockbit-ransomware-developer-charges
