The Origin of LockBit, Its Founders, and the FBI's Indictment Against Them

JAKARTA - Indonesia's Temporary National Data Center (PDNS) has become the victim of a massive cyber attack involving the LockBit 3.0 ransomware. The attack has caused serious disruption to government data services and threatens the security of sensitive and important information in the country.

LockBit is one of the most prolific ransomware groups in the world and has allegedly been operating since September 2019. The group is known for its "ransomware-as-a-service" (RaaS) model, in which it provides software and infrastructure to affiliates, who then carry out attacks on victims.

In this way, LockBit managed to attack more than 2,500 victims in at least 120 countries, including 1,800 victims in the United States. The victims include individuals, small businesses, multinational companies, hospitals, schools, non-profit organizations, critical infrastructure, as well as government agencies and law enforcement.

LockBit uses various techniques to infiltrate its target network, including:

After successfully logging into the system, LockBit will:

Dmitry Yuryevich Khoroshev, also known as LockBitSupp, LockBit, and putinkrab, is a 31-year-old Russian citizen from Voronezh. He is suspected of being the creator, developer, and main administrator behind LockBit operations. Khoroshev played a major role in designing the LockBit ransomware code, recruiting other members, and managing the group's infrastructure, including the websites used to publish data stolen from victims who refused to pay the ransom.

In LockBit's RaaS model, Khoroshev as the developer receives about 20% of any ransom payment, while the affiliates carrying out the attack receive the remainder. Over the course of the operation, Khoroshev allegedly received at least 100 million US dollars (Rp1.6 trillion) in ransom payments.

On June 24, 2024, the US Department of Justice unsealed the indictment against Dmitry Yuryevich Khoroshev. The indictment includes 26 counts consisting of:

Each of the 26 counts carries a maximum sentence of 185 years in prison and a maximum fine of 250,000 or the amount of financial benefits earned by the perpetrators, or financial losses suffered by the victims.

The disruption of LockBit began in February 2024 and was carried out by the UK's National Crime Agency (NCA) Cyber Division in collaboration with the FBI and other international law enforcement agencies. They seized a number of public websites and servers used by LockBit, disrupting the group's ability to carry out further attacks.

Since the disruption, six LockBit members have been indicted for their participation in the LockBit conspiracy, including:

The US State Department also announced a reward of up to $10 million for information leading to the arrest of Khoroshev, as well as a similar reward for information leading to the identification of individuals holding leadership positions in the criminal group behind the LockBit ransomware.

LockBit victims are encouraged to contact the FBI at https://lockbitvictims.ic3.gov for more information on recovering systems encrypted with LockBit ransomware variants.