What is LockBit 3.0 and what does this malware do and who is its creator?

In May, the US Justice Department announced charges against an individual the agency accuses of leading the LockBit ransomware group, which has carried out thousands of attacks over the last few years. The software used by the group is continuously updated (i.e., they are on the third edition, LockBit 3.0). It is meant to lock users out of their devices and alert them to the attack by showing a random note, sometimes on the desktop.

Who created LockBit?

The Russian national, Dimitry Yuryevich Khoroshev, is alleged to be the “creator, developed, and administrator” of the hacking group, which has stolen over $100 million and targeted over 2,000 victims. Khoroshev is understood to be the founder, but the scale of the operation and what the group has achieved means that many other people are involved. Targeting Khoroshev may work in the short-term to deter the group, but he can be replaced should some of the members of the hacking community have the same skill set when it comes to launching cyberattacks.

Though an arrest warrant has been issued, Khoroshev does not live in the United States and is a national government seen as hostile by Washington, which means that a trial over these charges is unlikely to take place. The State Department has issued a reward worth up to $10 million for any information that leads to the apprehension of the presumed LockBit leader.

Did the group attack the Federal Reserve?

LockBit 3.0 is the newest edition of the software used by the group to access the systems of its targets. The group announced that documents had been stolen from the US Federal Reserve. The deadline for the Fed to act has passed, and the group has uploaded the information they obtained.

So far, it does not appear that any highly sensitive information was released during this most recent attack.