Russian national Dmitry Khoroshev, identified as the alleged leader of the LockBit ransomware gang, has faced significant international action, including asset freezes, travel bans, and sanctions. The LockBit gang, responsible for over 7,000 ransomware attacks between June 2022 and February 2024, primarily targeted institutions in the U.S., U.K., France, Germany, and China. Key victims included high-profile entities such as Royal Mail and Boeing.

Khoroshev, who operated under the alias LockBitSupp, was believed to have remained anonymous until recent coordinated efforts by global law enforcement agencies exposed his identity. Despite offering a $10 million reward for maintaining his anonymity, the U.S. government matched this with a reward for information leading to his arrest.

The UK’s National Crime Agency (NCA), along with international partners, has been instrumental in dismantling the group’s “command and control” infrastructure earlier this year, significantly reducing their impact. The NCA’s Director General, Graeme Biggar, and Sanctions Minister Anne-Marie Trevelyan, have both highlighted the UK’s commitment to combating cyber threats to global security.

Australia has also taken stringent measures against Khoroshev, citing his senior role in the group which was responsible for 18% of the country’s reported ransomware attacks in 2022-23. Australian Foreign Affairs Minister Penny Wong emphasized adherence to a rules-based cyberspace, with the government banning Khoroshev and criminalizing the provision of assets to him.

Currently, Khoroshev is believed to be in Russia, and the likelihood of his extradition appears uncertain due to the country’s track record on cybercriminal extradition. This complex international legal and security issue continues to unfold as global agencies press on with their crackdown on cybercrime networks.