Police agencies from a dozen countries infiltrated and dismantled LockBit, a powerful “ransomware” or data kidnapping gang, reported the United Kingdom National Crime Agency, this Tuesday, February 20, which described it as the “group of most damaging cybercrime in the world.
First modification:
3 min
The UK National Crime Agency (NCA) announced this Tuesday, February 20, the dismantling of the LockBit gang, dedicated to “ransomware”, a form of extortion through data kidnapping, through which they obtained billions of dollars of victims around the world.
According to data from the NCA, in the four years it has been active, the network attacked thousands of victims and caused damages of “billions of pounds, dollars and euros” in both ransom payments and recovery costs.
Hours before the announcement, the front page of LockBit's site was replaced with the words “this site is now under control of the authorities”, along with the flags of the UK, US and several other nations.
The message said the website was under the control of the UK's National Crime Agency, which has been “working in close co-operation with the FBI and the international law enforcement task force, Operation Cronos”.
He added that it was an “ongoing operation”, in which agencies from Germany, France, Japan, Australia, New Zealand and Canada, among others, including Europol, also participated.
The NCA reveals details of an international disruption campaign targeting the world's most harmful cyber crime group, Lockbit.
Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime. pic.twitter.com/m00VFWkR9Z
— National Crime Agency (NCA) (@NCA_UK) February 20, 2024
LockBit, reportedly operating since 2019, has been the most prolific ransomware site for two years in a row, according to authorities. The group accounted for 23% of the nearly 4,000 attacks worldwide last year in which data from thousands of victims, including large banks, was stolen for extortion, according to cybersecurity firm Palo Alto Networks.
The UK-led operation aimed to extract all of LockBit's data and then destroy its infrastructure, causing a “major and significant degradation” of the cybercrime threat.
Officials explained that LockBit is led by Russian speakers and does not attack former Soviet nations.
'The Instagram' of data hijacking
LockBit is linked to attacks on the UK's Royal Mail, the UK's National Health Service, aircraft manufacturer Boeing, international law firm Allen and Overy and China's largest bank, ICBC.
Last June, US federal agencies published an advisory that attributed around 1,700 ransomware attacks in the United States since 2020 to LockBit and said victims included “municipal governments, county governments, public schools in higher education and K-12 (early childhood) schools and emergency services.”
An NCA official called LockBit “the Instagram or Rolls-Royce” of ransomware and said the aim of the operation was to take down that group and its reputation. “Attacking the brand is as important as attacking the infrastructure,” he added.
Ransomware is the most costly and disruptive form of cybercrime and has paralyzed governments, judicial systems, hospitals and schools, as well as thousands of companies.
It is difficult to combat since most gangs are based in former Soviet states and are beyond the reach of Western justice. Law enforcement agencies have had some recent successes against ransomware gangs, most notably the FBI's operation against the Hive group. But criminals regroup and change brands.
The UK's National Cyber Security Center previously warned that ransomware remains one of the biggest cyber threats facing the UK and urged people and organizations not to pay ransoms if they are attacked.
This article is adapted from our English version
#dismantle #LockBit #damaging #data #hijacking #gang #world