Lockbit, a well-known cybercrime gang that demands ransom for its victims’ data, has been disrupted in a rare multinational law enforcement operation.
Lockbit, a prominent cybercrime gang that demands ransom for its victims’ data, has been halted in a rare international law enforcement operation, according to the group and US and UK officials.
According to a post on the gang’s extortion website, the operation was carried out by Britain’s National Crime Agency, the Federal Bureau of Investigation in the United States, Europol, and a coalition of foreign law enforcement organizations.
“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” read the statement.
An NCA spokeswoman and a US Department of Justice spokesperson stated that the agencies had disrupted the gang and that the operation was “ongoing and developing.”.
Officials in the United States, where Lockbit has infected over 1,700 organizations in practically every area, from finance and food to education, transportation, and government departments, have classified the group as the world’s leading ransomware threat.
A Lockbit official did post messages on an encrypted messaging app stating that the law enforcement action had not harmed the company’s backup systems.
The message also mentioned foreign police organizations from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.
Lockbit and its associates have hacked some of the world’s major corporations in recent months. The group makes money by taking sensitive information and threatening to reveal it if victims do not pay an exorbitant ransom. Its affiliates are like-minded criminal gangs that Lockbit recruits to carry out attacks using its digital extortion tools.
Ransomware is a harmful piece of malware that encrypts files. Lockbit generates money by coercing its victims into paying a ransom to decrypt or unlock their data using a cryptographic key.
Lockbit was discovered in 2020 when its namesake harmful software was spotted in Russian-language cybercrime forums, leading some security professionals to speculate that the gang is based in Russia.
The gang has not expressed support for any government, and no country has formally assigned it to a nation-state. On its now-defunct darkweb site, the group claimed to be “located in the Netherlands, completely apolitical, and only interested in money.”.
“They are the Walmart of ransomware groups; they run it like a business, and that’s what sets them apart,” said Jon DiMaggio, chief security strategist at Analyst1, a cybersecurity firm based in the United States. “They are arguably the biggest ransomware crew today.”
In November of last year, Lockbit revealed internal data from Boeing (BA.N.), one of the world’s top defense and space companies. The gang launched an attack on Britain’s Royal Mail in early 2023, causing significant disruption.
According to vx-underground, a cybersecurity research website, Lockbit declared in a statement in Russian and shared on Tox, an encrypted messaging service, that the FBI targeted its PHP-powered servers. The statement also stated that it has backup servers without PHP that “are not touched.”.
On X, formerly known as Twitter, vx-underground posted screenshots showing that the control panel used by Lockbit’s affiliates to launch attacks had been replaced with a message from law enforcement: “We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more,” it said.
“We may be in touch with you very soon,” it went on to say. “Have a nice day.”.
Before it was taken down, Lockbit’s website included an ever-growing gallery of victim organizations that was updated almost daily. Next to their names were digital clocks that displayed how many days remained until each organization’s deadline to submit a ransom payment.
On Monday, Lockbit’s website exhibited a similar countdown, but from the law enforcement agencies that hacked the hackers. “Return here for more information at 11:30 GMT on Tuesday, February 20th,” the text of the message read.
Don Smith, vice president of Secureworks, an arm of Dell Technologies (DELL.N), stated that Lockbit was the most prolific and dominant ransomware operator in a highly competitive underground market.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.
