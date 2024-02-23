A joint police operation from different states captured the Lockbit group this week. According to the authorities, the group that also attacked Finns also had a server in Finland.

One one of the world's most harmful online extortion groups has operated a server in Finland.

The information appears from the European police authority Europol from the bulletinwhich tells about the police operation by the authorities targeting the Lockbit ransomware group.

The Lockbit group was the target of an international police operation this week, as a result of which the authorities seized several servers and dark web sites used by the group. In addition, the authorities of different countries have arrested suspects in the operations and published wanted notices for people who are believed to be part of the group. US authorities have also promised tip rewards of up to millions of dollars for information leading to the capture of the group's main suspects.

According to Europol, a total of 34 servers used by Lockbit from different countries were taken over in the operations, and Finland is mentioned as one of the countries. Europol has also said that the Finnish police participated in the operation. However, the public has not commented on how many servers from Finland were taken over.

Information security company Senior Threat Analyst at Withsecure Stephen Robinson tells STT by e-mail that based on the authorities' information, it seems that Lockbit operated in Finland. However, he reminds that servers can easily be rented using, for example, stolen personal data.

“There is still no indication that any Lockbit member or partner is physically in Finland,” Robinson writes.

According to him, the most likely reason for the server being kept in Finland is that the local server could have made it easier for Lockbit to target victims in Finland and nearby countries. For example, the transfer of files from servers to Russia would, according to Robinson, be significantly more suspicious of the victims than the fact that the data transfer is directed to Finland.

The Central Criminal Police will not comment on the details of the operation to STT.

Finnish victims has also been Lockbit has published information on its own blog at the time that the group has been behind the attacks aimed at the Savonia University of Applied Sciences and the Uusimaa-based cold storage company KWH Freeze. Both parties have also confirmed that they were the targets of an online attack: Savonia in 2022, KWH Freeze last fall.

KWH Freeze announced last November that some of the personal information of its current and former employees may have been compromised in the attack. Based on the information security breach notification made by the company, the attack compromised the data of a few hundred people. Managing director Peter Lång does not comment on the compromised information to STT in more detail, but says that the company filed a criminal complaint about the attack in time.

According to him, the company's operations were not endangered due to the attack, but according to him, the investigation after the attack has not only cost a lot, but also tied up some of the company's staff.

“Those guys have to be brought to justice,” says Lång.

Lockbit group is popular as one of the world's most active and also the most destructive cyber extortion groups. Withsecure's Robinson estimates that the group was responsible for about a fifth of all ransomware attacks. of the United States the Cyber ​​Security Agency According to (CISA), the group has been offering ransomware attacks for a fee. The group started its activities at the turn of this decade, but now the authorities have taken over its servers and data. Robinson considers it possible that the authorities have infiltrated the group's information systems by exploiting vulnerabilities similar to what the group itself has used when attacking others.

According to the authorities, at least some of the suspected key actors are Russian, but there are also other nationalities among the suspects. of the United States Treasury has described Lockbit as a Russian group, and two of the group's suspected leaders have been placed under economic sanctions

The US Federal Police FBI, the UK's National Crime Agency and Europol are also asking victims of the Lockbit group to get in touch so they can recover the information the group took from them.