Bank ransomware threat LockBit appears to be on the decline

Mikhail Pavlovich Matveev, a Russian national, has been the subject of a $10,000,000 reward for information by the Department of Justice for his alleged involvement in LockBit and other ransomware attacks.
Carter Pape/American Banker

Following multiple indictments against affiliates and leaders of the group last year, ransomware gang LockBit appears to have been severely hampered in its operations, according to ransomware data collected by cybersecurity publication Cybernews.

Despite the arrests and technical disruptions by law enforcement officials, LockBit claimed more victims with its ransomware than any other single group tracked by Cybernews. In 2024, LockBit claimed 526 victims, mainly in the manufacturing and industrial, technology and retail sectors. The next group, RansomHub, claimed 499 victims.

LockBit's nearly 530 victims last year were significantly fewer than the number it had claimed in 2023, according to Cybernews. This decline is likely in large part thanks to the series of arrests the United States and other countries made against LockBit affiliates last year.

The U.S. Department of Justice alone made four separate announcements about arrests and disruptions last year.

In the first instance, in February, the FBI and DOJ jointly announced that law enforcement in the U.S., U.K. and Europe had disrupted LockBit by seizing public-facing websites and servers used by the group and obtaining keys that could help victims decrypt their systems and regain access to their data. The U.S. also unsealed indictments against Russian nationals Artur Sungatov and Ivan Kondratyev for allegedly deploying LockBit against multiple victims in the U.S. and internationally.

In May, the DOJ identified Russian national Dmitry Yuryevich Khoroshev as LockBitSupp, the alleged designer of the LockBit ransomware, who recruits affiliates to deploy it and maintains the infrastructure, including a control panel for affiliates and a data leak site for publishing stolen data. He allegedly received 20% of each ransom payment, personally collecting at least $100 million.

In July, the DOJ secured guilty pleas from two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev. The two had been arrested and charged in June 2023 and November 2022, respectively. Astamirov allegedly deployed LockBit against at least 12 victims, extorting $1.9 million, between 2020 and 2023. Vasiliev allegedly deployed LockBit against at least 12 victims, causing at least $500,000 in damage and losses between 2021 and 2023.

Finally, in December, the DOJ announced charges against Rostislav Panev, 51, a dual Russian and Israeli national. Panev was arrested in Israel in August pending extradition to the United States for allegedly developing the LockBit malware code and maintaining the infrastructure on which LockBit operated from its inception in 2019 through at least February 2024. Between June 2022 and February 2024, Khoroshev, the primary LockBit administrator, transferred over $230,000 in cryptocurrency to Panev's wallet.

Despite all of the charges and disruptions, LockBit remained active throughout the year. In June, the group released records stolen from Evolve Bank & Trust, which also affected many of the fintech partners the bank has sponsored.

LockBit has threatened a return in early February, reportedly with a new variation of their ransomware. When law enforcement disrupted the group early last year, officials said at the time that they had found evidence the group was working on the next version.
