Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Global Operations. Show all posts

UK Led Global Operations Disrupt LockBit's Criminal Network

 

One of the most notorious cybercrime organisations in the world has been hit by an unprecedented police operation involving the arrest and indictment of members of the Lockbit ransomware group by the FBI and Britain's National Crime Agency. 

The United States has charged two Russian citizens with deploying Lockbit ransomware against organisations and companies across the globe. Police in Poland and Ukraine made two arrests. 

The disruption of a criminal network, which has targeted over 2,000 victims globally, accepted over $120 million in ransom payments, and demanded hundreds of millions of dollars, was announced by the NCA, FBI, Europol, and U.S. Department of Justice at a meeting in London. 

Britain's National Crime Agency Cyber Division, in collaboration with the U.S. Department of Justice, the Federal Bureau of Investigation, and other law enforcement agencies seized control of websites used by Lockbit the gang and U.S. and British authorities said. The law enforcement agencies also went over and beyond by releasing internal data about the group through Lockbit's own website. 

“We have hacked the hackers," Graeme Biggar, director general of the National Crime Agency, told journalists. "We have taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems.” 

The takedown, dubbed “Operation Cronos” was an international coalition of 10 countries, he added. “Together, we have arrested, indicted or sanctioned some of the perpetrators and we have gained unprecedented and comprehensive access to Lockbit’s systems”. 

Billions in damages 

Ransomware is malicious software that encrypts data; Lockbit and its affiliates profit by coercing victims into paying a ransom to decrypt or unlock that data using a digital key. In recent months, some of the world's largest organisations have been targeted by the gang's digital extortion tools.

Its affiliates are like-minded criminal groups that Lockbit recruits to carry out attacks with those tools. Those affiliates carry out the attacks and pay Lockbit a portion of the ransom, which is typically sought in cryptocurrency, making it difficult to track. 

Operation Cronos confiscated 34 of Lockbit's computers, detained two gang members, frozen 200 cryptocurrency accounts, and shuttered 14,000 "rouge accounts" used online to launch Lockbit's operations, the officials said. 

Lockbit has caused monetary losses totaling billions, the NCA's Biggar stated, to businesses who not only had to pay ransom payments, but also had to shoulder the cost of getting their systems back online. 

Before it was disrupted, Lockbit's website displayed an ever-growing gallery of victim organisations that was updated nearly daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organisation to provide ransom payment.