Lockbit ransomware gang arrested in an in an unprecedented police operation. (unsplash)

Lockbit cybercrime gang targeted in global crackdown resulting in indictments and arrests

Members of the Lockbit ransomware gang have been arrested and indicted in a groundbreaking police operation led by Britain’s National Crime Agency and the FBI, targeting one of the most infamous cybercrime groups globally.

The United States has indicted two Russian nationals for using Lockbit ransomware against companies and groups around the world. Polish and Ukrainian police arrested two.

The NCA, the US Department of Justice, the FBI and Europol came together in London to announce the break-up of a gang that targeted more than 2,000 victims worldwide, received more than $120 million in ransoms and demanded hundreds of millions of dollars, the DOJ said.

The UK’s National Crime Agency’s cyber division, along with the US Department of Justice, the FBI and other law enforcement agencies, took over websites used by Lockbit, as well as US and UK authorities. The agencies also took the extraordinary step of using Lockbit’s own website to publish internal information about the group itself.

“We have hacked the hackers,” National Crime Agency director general Graeme Biggar told reporters. “We’ve taken control of their infrastructure, seized their source code, and obtained the keys that help victims decrypt their systems.”

Dubbed “Operation Cronos,” the takedown was an international coalition of 10 countries, he said. “Together we have arrested, charged or punished some of the perpetrators and have gained unprecedented and comprehensive access to Lockbit’s systems.”

“From now on, Lockbit is practically redundant,” he added. “Lockbit is locked out”.

A Lockbit representative did not respond to Reuters’ messages seeking comment.

An unsealed indictment obtained in New Jersey accuses Artur Sungatov and Ivan Kondratyev, also known as Basterlord, of using the Lockbit ransomware to target victims at manufacturing, logistics, insurance and other companies in five states and Puerto Rico, as well as semiconductor and other companies. industries around the world.

Additional criminal charges were filed against Kondratyev on Tuesday related to his 2020 use against a victim in California, the Justice Department said.

Both men also received sanctions from the US Treasury Department.

In November last year, Lockbit released internal data from Boeing, one of the world’s largest defense and space contractors, saying that the US arm of China’s ICBC had paid a ransom following an attack that disrupted trading in US financial markets.

In early 2023, Britain’s Royal Mail was severely disrupted following an attack by the group.

LOCKBIT CAUSED MILLIONS IN DAMAGE

Ransomware is malware that encrypts data; Lockbit and its affiliates make money by forcing their targets to pay a ransom to decrypt data or unlock it with a digital key. The gang’s digital extortion tools have been used against some of the world’s largest organizations in recent months.

Its affiliates are like-minded criminal groups that Lockbit recruits for attacks using these tools. These affiliates carry out the attacks and give Lockbit a cut of the ransom, which is usually demanded in the form of cryptocurrency, making it harder to trace.

Operation Cronos seized 34 Lockbit servers, arrested two gang members, froze 200 cryptocurrency accounts and shut down 14,000 “rouge accounts” used online to launch Lockbit’s operations, law enforcement agencies said.

Lockbit has caused a total of billions in financial losses, the NCA’s Biggar said, with companies not only having to pay ransoms but also having to bear the cost of bringing their systems back online.

Prior to its removal, Lockbit’s website featured an ever-growing gallery of victim organizations that was updated almost daily. Next to their names were digital clocks showing how many days remained before the deadline for each organization to pay the ransom.

On Tuesday, the NCA, FBI and Europol turned the Lockbit leak site into a leak site related to the gang itself, with international police agencies releasing inside information from within the group as well as countdown clocks that threatened to reveal upcoming sanctions and the identity of Lockbit’s leader, “LockbitSupp.”