LockBit: hackers are targets of operation with FBI and Europol – 02/20/2024 – Tech

A task force this Tuesday (20) involving some of the world’s main security agencies targeted LockBit, considered one of the largest groups linked to cybercrime.

The organization was reportedly responsible for ransomware attacks on the UK Post Office system, the Industrial and Commercial Bank of China, a Canadian children’s hospital and Boeing. The operation involved the FBI, the NCA (United Kingdom National Crime Agency), Europol and support from other countries.

“The NCA can confirm that LockBit services have been disrupted as a result of international action by security agencies,” the NCA said in a statement. According to US forces, LockBit was responsible for attacking thousands of people around the world and would have received more than US$120 million in ransoms.

“We hack the hackers,” said Graeme Biggar, director general of the NCA on Tuesday. According to the statement, the group of hackers blocks organizations from their own IT (information technology) systems and charges a ransom to make the system available again. During the negotiation, cybercriminals threaten to leak the stolen data.

Security researchers said LockBit’s “dark web” site has been taken down and replaced with a message stating that it is “now under the control of law enforcement.”

The message states that the NCA, FBI and Europol were among several agencies involved, through an international task force called “Operation Cronos”.

In November 2022, the US Department of Justice classified the malicious software used by LockBit as the “most active and destructive used in the world”.

LockBit is believed to be based in Russia, but collaborates with an international criminal syndicate through a model called “ransomware as a service.” The group rents its malware to a loose network of hackers, who use that network to cripple a wide range of targets: from international financial groups and law firms to schools and medical facilities.

LockBit usually takes a commission of up to 20% of any ransom paid by victims. The group became so notorious that some hackers got tattoos of its logo, part of a promotional scam for which the group offered to pay $1,000.

NCC Group, a cybersecurity firm, said it recorded more than 1,000 LockBit victims last year, representing nearly a quarter of all ransomware attacks. Experts in the US say the number may have exceeded 1,700.

Chester Wisniewski, director of global field technology at cybersecurity firm Sophos, said LockBit, which is believed to have first emerged in 2019, has become the “most prolific ransomware group” over the past two years.

“The frequency of their attacks, combined with the lack of limits on the type of infrastructure they cripple, has also made them the most destructive in recent years,” he said. “Anything that disrupts your operations and sows distrust among your affiliates and suppliers is a big win for law enforcement.”

However, Wisniewski added that “much of their infrastructure is still online,” suggesting there is still work to be done to bring hackers under the full control of law enforcement.

_{With information from AFP and the Financial Times}