A note on the website viewed by AWN states that the world’s most prolific ransomware gang was extorted from by the FBI and its international allies, and that the site has been taken down.
A global ransomware gang called LockBit, which has threatened organisations worldwide, including US healthcare companies, has taken a hit to its near-term operations. The ransomware assault that caused Capital Health of New Jersey to cancel several patient visits in November was allegedly carried out by these hackers.
In the past few months, LockBit has also taken credit for ransomware attacks in Fulton County, Georgia, and on China’s Industrial and Commercial Bank.
An ongoing and developing operation has disrupted Lockbit’s services, according to a message posted on Monday by the hackers’ website. The message also includes the seals of the FBI, UK National Crime Agency (NCA), and several other law enforcement agencies from Australia to Germany.
British and American officials painted a more complete picture of the LockBit crackdown on Tuesday morning. The National Crime Agency and the Federal Bureau of Investigations announced they had created software that could unlock computers locked by the hackers, which might help “hundreds” of victims around the world.
Europol, the European Union’s police agency, announced the arrests—which did not identify the individuals—of two LockBit agents in Poland and Ukraine at the request of French authorities.
The US Justice Department has separately announced the indictment of two Russian males, Ivan Gennadievich Kondratiev and Artur Sungatov. They were found guilty of using the LockBit ransomware to target various organisations across the US, including unidentified manufacturing enterprises. In addition, Kondratiev and Sungatov were sanctioned by the Treasury Department.
It is uncertain, however, if they will ever set foot in a US courtroom. According to the Treasury Department, Kondratiev is now in Russia. No specific site for Sungatov was specified by the department.
Given the current state of affairs in Ukraine and the lack of an extradition treaty between the two countries, bilateral cooperation on cybercrime is at an all-time low.
The Justice Department announced in a statement that LockBit has targeted over 2,000 victims and has collected over $120 million in ransom payments.
According to the NCA statement, the hackers were able to obtain the “source code,” or the hidden components of a programme that enable it to function, after a long-term intrusion of LockBit.
In order to blackmail victims, fraudsters must set up new computer infrastructure after capturing a ransomware group’s dark web site. Further investigation into the hackers’ networks may be indicated by this. The FBI claimed a year ago that it possessed decryption software that saved victims over $130 million in ransom payments in another operation against a ransomware ring.
Experts think that Russia, China, and Eastern Europe are home to members or criminal associates of LockBit. Just like other money-grubbing ransomware organisations, LockBit leases out its malware to “affiliates,” who then employ the harmful code in assaults and keep a portion of the ransom that victims pay.
Ransomware from LockBit has been very common in the past year, surpassing other ransomware varieties, according to private experts. Don Smith, VP of threat research at cybersecurity firm Secureworks, claims that, according to victim information that the hackers have put online, LockBit makes up a quarter of the ransomware market.
Globally, both public and private detectives will be watching LockBit’s every move. After disruptions caused by law enforcement, well-funded ransomware groups will often rebuild their computer infrastructure and rebrand their hacking tools to avoid repercussions in the criminal underworld.
The FBI and its international partners have been engaged in a multi-year battle against ransomware gangs, with their headquarters typically located in Russia and Eastern Europe, and this operation represents the most recent development in that conflict.
The ransomware industry is booming despite high-profile arrests and the confiscation of millions of dollars in ransom by law authorities.
Despite the US government’s attempts to shut off cybercriminals’ money flows, crypto-tracking firm Chainalysis estimates that cybercriminals extorted a record $1.1 billion in ransom payments from victim organisations worldwide last year.
Considering their Russian basis, “it is highly unlikely core members of the LockBit group will be arrested as part of this operation,” said Allan Liska of cybersecurity firm Recorded Future and an authority on ransomware, in an interview with AWN.
“The seizure of LockBit’s website by law enforcement will have a significant, albeit short-lived, impact on the ransomware ecosystem and a slow-down in attacks,” Liska added.
He continued by saying that LockBit was known for being a particularly vicious ransomware operator and that it encouraged its affiliates to target institutions like schools and hospitals. “Please give these areas a chance to fortify themselves,” I said, hoping that they would.
