Source: AFP
An international operation led by UK and US law enforcement has seriously disrupted “the most damaging cybercrime group”, the Russian-linked ransomware specialist LockBit, officials announced on Tuesday.
LockBit and its affiliates have targeted governments, large corporations, schools and hospitals, causing billions of dollars in damages and extorting tens of millions in ransom from victims.
Britain’s National Crime Agency (NCA), working with the Federal Bureau of Investigation, Europol and agencies from nine other countries in Operation Cronos, said it had infiltrated LockBit’s network and taken control of its services.
“We have hacked the hackers, taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems,” NCA director general Graeme Biggar told reporters in London.
The website of LockBit, which sells services that allow people to stage cyberattacks and hold data until a ransom is paid, was taken down on Monday night.
A message appeared on the website saying it was “now under the control of law enforcement.”
“As of today LockBit is effectively redundant, LockBit is locked down,” Biggar said.
The US Department of Justice (DOJ) said the agencies seized control of “several publicly accessible websites used by LockBit to connect to the agency’s infrastructure” and took control of servers used by LockBit administrators.
The NCA added that it had obtained more than 1,000 decryption keys and would be contacting UK-based victims in the coming days and weeks to offer support and help them recover encrypted data.
Biggar said the network was behind 25% of all cyber attacks in the past year.
LockBit has targeted more than 2,000 victims and received more than $120 million in ransom payments since it was created four years ago, according to the DOJ.
Among those targeted are Britain’s Royal Mail, US aircraft maker Boeing and a Canadian children’s hospital.
In January 2023, US law enforcement shut down the Hive ransomware operation, which extorted approximately $100 million from more than 1,500 victims worldwide.
Since then, LockBit has been considered the biggest current threat.
Dark Web
Hive and LockBit are part of what cybersecurity experts call the “ransomware as a service”, or RaaS, model: a business that leases its software and methods to others to use to extort money.
Ariel Ropek, director of cyber threat intelligence at cybersecurity firm Avertium, told AFP last year that this structure allows criminals with minimal computer skills to get into ransomware by paying others for their expertise.
In the so-called dark web, ransomware service providers present their products openly.
At one end are the initial access brokers, who specialize in breaking into corporate or institutional computer systems.
They then sell that access to the hacker or ransomware operator.
But the operator depends on RaaS developers, such as Hive or LockBit, who have the programming skills to create the malware needed to run the operation.
Typically, their programs, once introduced by the ransomware operator into a target’s IT systems, are used to freeze, through encryption, the target’s files and data.
RaaS developers offer a full service to operators, in exchange for a large portion of the ransoms paid, Ropek said.
When the ransomware is installed and activated, the target receives a message telling them how much to pay to have their data decrypted.
These ransoms can range from thousands to millions of dollars.
On Tuesday, the US unsealed an indictment against two Russian nationals, bringing to five the number of Russians charged in connection with LockBit.
In a separate announcement, the US Treasury Department said it was sanctioning the pair, affiliates of LockBit, who “actively participated” in ransomware attacks.
Biggar said a “large concentration” of cybercriminals are located in Russia and are Russian-speaking, but law enforcement agencies have not seen any direct support for LockBit from the Russian state.
“There is clearly some tolerance for cybercrime in Russia,” he added.