British, American, and European officials announced on Tuesday that they have disrupted the activities of the notorious ransomware group LockBit, which has extorted $120 million from numerous victims globally. Two individuals have been apprehended as part of the operation.

The NCA of Britain organized a global effort to focus on LockBit, a platform that offers ransomware to affiliates who use it to infect victim networks with malware and demand payment for its removal.

During a press conference, officials announced that two individuals in Poland and Ukraine were arrested and 200 cryptocurrency accounts were seized as a result of the operation. Additionally, the Justice Department revealed indictments against two Russian nationals.

Officials reported that they have obtained “full access” to LockBit’s systems, gaining control of their infrastructure and obtaining keys that can assist victims in decrypting their data.

Graeme Biggar, director general of the NCA, stated that they have successfully outsmarted the hackers and prevented their access. The hacking group LockBit has been effectively blocked.

Shortly before the official announcement, the main page of LockBit’s dark web leak site was updated to display the message “this site is currently being managed by law enforcement,” along with the flags of the United Kingdom, United States, and several other countries.

According to the message, the NCA is collaborating closely with the FBI and an international task force called Operation Cronos. This ongoing operation includes participation from agencies in Germany, France, Japan, Australia, New Zealand, Canada, and others, as well as Europol.

Since 2019, LockBit has been the top-performing ransomware syndicate for two consecutive years. According to cybersecurity firm Palo Alto Networks, the group was responsible for 23% of the approximately 4,000 attacks worldwide last year where ransomware gangs threatened to release stolen data unless payment was made.

The LockBit ransomware has been associated with cyber attacks on several prominent organizations, including the U.K.’s Royal Mail, National Health Service, Boeing, Allen and Overy law firm, and ICBC, China’s largest bank.

Ransomware is the most expensive and disruptive type of cybercrime, causing significant damage to local governments, court systems, hospitals, schools, and businesses. It is challenging to address because many gangs operate from former Soviet states and are beyond the reach of Western legal systems.

The announcement on Tuesday marks the fifth person to be indicted by the U.S. since the start of the operation. Prior to this, three Russians had been charged, and two of them have been arrested – one in Canada and one in the U.S. The remaining individuals are still being sought after.

Officials reported that they confiscated servers utilized by the criminal organization to coordinate and move stolen information, and acquired access to approximately 1,000 potential decryption solutions. They also obtained the Lockbit platform’s source code and a wealth of information on individuals associated with the gang.

According to cybersecurity expert Brett Callow from Emsisoft, this operation is possibly the most impactful intervention against ransomware so far. Although it may result in the demise of the group, these organizations often resurface under different aliases. Callow believes that in the grand scheme of things, this operation alone will not decrease the frequency of ransomware attacks.

The U.K. crime agency carried out an uncommon offensive cyber-attack to steal and destroy LockBit’s data and infrastructure, in order to significantly diminish the cybercrime threat.

Russian speakers make up the majority of LockBit, but they do not target nations that were once part of the Soviet Union. According to officials, LockBit may have a large number of members, but there is no proof that a country like Russia is involved in the syndicate, as stated by Biggar.

“Though he referred to them as criminals, the absence of action from Russian authorities suggests that Moscow is allowing the gang’s operations to continue.”

“According to Jean-Philippe Lecouffe, Europol’s deputy executive director of operations, we have delivered a significant strike not only against their activities, but also significantly damaged their credibility.”

Security professionals were curious about the extent of information that law enforcement had acquired regarding LockBit affiliates’ discussions with those they targeted. This included identifying those who had secretly paid ransoms and the amount paid. Often influenced by specialized companies hired to handle cyber attacks, victims typically refrain from publicly acknowledging that ransomware is the cause.

Authorities informed journalists that the criminal group aimed at 2,000 individuals globally. Biggar stated that the figures will be “considerably underestimated.”

In June of last year, the United States government released a warning stating that approximately 1,700 ransomware attacks in the country since 2020 were caused by LockBit. The victims of these attacks included government agencies at the municipal and county level, as well as public schools and emergency services.

Artur Sungatov and Ivan Kondratyev, two Russian individuals who have been formally charged, have been accused of utilizing LockBit against American manufacturing companies as well as semiconductor businesses globally. Kondratyev is believed to have targeted municipal and private entities in Oregon, Puerto Rico, and New York, as well as victims in Singapore, Taiwan, and Lebanon. Meanwhile, Sungatov is accused of deploying LockBit against manufacturing, logistics, and insurance companies in Minnesota, Indiana, Puerto Rico, Wisconsin, Florida, and New Mexico.

The first instance of sanctions being placed on Sungatov and Kondratyev by the U.S. Treasury Department is part of a joint effort with the Justice Department, FBI, and global allies to target LockBit.

In 2021, it is possible for victims of ransomware in the U.S. to face charges for paying ransoms to sanctioned individuals and groups, but this has not yet occurred.

Law enforcement agencies have scored other recent successes against ransomware gangs, most notably the FBI’s operation against the Hive syndicate.

____

This report was contributed to by Frank Bajak in Boston and Fatima Hussein in Washington.

Source: wral.com