‘World’s most harmful’ cybercriminal group disrupted in 11-nation operation

Original article here.

Global law enforcement agencies said Tuesday that they have significantly infiltrated the operations of LockBit, one of the world’s most prolific criminal ransomware gangs, in an international operation that aimed to disrupt the group’s repeated attacks.

According to a statement issued Tuesday, an international task force led by Britain’s National Crime Agency, representing 11 different countries’ law enforcement agencies including the FBI, was behind the investigation into LockBit. “After infiltrating the group’s network, the NCA has taken control of LockBit’s services, compromising their entire criminal enterprise,” the British agency said.

The malicious ransomware variant has been deployed by criminal hackers to extort tens of millions of dollars from victims around the world — ranging from global banks to local schools. It is widely believed to be operated from Russia.

As part of the joint operation, two people were arrested Tuesday morning in Poland and Ukraine, and over 200 cryptocurrency accounts were frozen, according to the NCA’s statement. In the United States, the Department of Justice said it has criminally charged two Russian nationals with using LockBit to carry out ransomware attacks, both of whom are in U.S. custody.

In a statement, NCA Director General Graeme Biggar described LockBit as the “most harmful cyber crime group” in the world. “Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems. As of today, LockBit are locked out.”

The first sign of this news appeared late Monday, when a notice appeared on LockBit’s website that read: “This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.”

LockBit ransomware is deployed by criminals who use it to hack into the internal databases of target organizations, extract sensitive data and attempt to extort money from victims. According to the Justice Department, the malicious software has been used to extort more than $120 million in ransom payments from over 2,000 victims. In 2022, it was the most deployed piece of ransomware in the world, according to the U.S. Cybersecurity and Infrastructure Security Agency.

“LockBit is one of the most significant ransomware threats, and many would argue it to be the most prolific group today,” Jason Nurse, a cybersecurity expert at the University of Kent in England, said in an email Tuesday. “These groups are well-funded, operate like a business and are extremely careful in their approach,” he added, describing the takedown as significant.