Ransomware: USA puts LockBit developers on trial
The US Department of Justice has indicted the Russian-Israeli citizen Rostislaw P. for his role as a developer in the ransomware group LockBit.
The LockBit website on the darknet was taken over by law enforcement officers in February 2024 and reopened in its previous style. One of the LockBit developers is now on trial in the USA.
The US Department of Justice announced another success in the fight against the LockBit ransomware gang on Friday. It was recently able to take Russian-Israeli citizen Rostislaw P. into custody and has now charged him for his alleged role as one of the cyber gang's main software developers. US prosecutors accuse him of developing malware and maintaining the infrastructure for attacks. He is accused of extorting more than 500 million US dollars and causing billions of dollars in damage worldwide.
A relevant criminal complaint filed in the federal district of New Jersey was released on Friday, the Department of Justice announced. P. had already been arrested in Israel in August on the basis of a provisional US arrest request with the aim of extradition to the United States. The 51-year-old is currently still in custody in Israel and is awaiting extradition on the charges.
According to the indictment, the documents filed in this and related cases and the statements made in court, P. acted as a developer from the founding of the LockBit group in 2019 until at least February 2024. During this time, P. and his "co-conspirators" expanded their gang "into what was at times the most active and destructive ransomware group in the world", the US prosecutors write. The group has attacked over 2,500 victims in at least 120 countries, including 1,800 in the United States. These included private individuals and small businesses as well as multinational corporations, hospitals, schools, non-profit organizations, critical infrastructure and government and law enforcement agencies.
Wire transfers from alleged LockBit mastermind K.
According to the indictment, at the time of P.'s arrest, investigators discovered administrator credentials on his computer for an online database that was hosted on the darknet and contained source code for several versions of the LockBit builder to create variants of the blackmail Trojan. In one of the directories, the prosecutors also found source code for LockBit's StealBit tool, which "affiliates" could use to exfiltrate stolen data.
P. is also said to have exchanged direct messages with the main administrator of LockBit via a forum for cybercriminals. This was Dimitri Jurjewitsch K. alias putinkrab. According to the investigators, P. and K. discussed work to be carried out on the LockBit builder and the control panel during this conversation. The main administrator had also sent P. a series of transfers of cryptocurrencies worth around USD 10,000 per month to a special wallet between June 2022 and February 2024. The transfers were laundered via one or more illegal mixing services. These transfers are said to have totaled over 230,000 US dollars during this period.
The arrest and indictment follow strikes against the LockBit infrastructure by the US Department of Justice in cooperation with the UK National Crime Agency (NCA), the FBI and other law enforcement agencies in February. This operation limited the group's ability to launch further attacks. P. and K. are two of several people who have been charged in connection with LockBit. K. is still at large. The US State Department has offered a reward of up to ten million US dollars for information leading to his capture.
(nie)