“We hacked the hackers”, dismantling the “most harmful” cybercriminal group in the world

Thousands of victims, hospitals or town halls targeted, losses totaling billions of euros... The LockBit group of cybercriminals, presented as "

the most harmful

 " in the world, was dismantled during an international police operation, they said. announced Tuesday the authorities of several countries.

A screenshot of the Lockbit site after the site was taken over during an international operation, February 20, 2024. © NATIONAL CRIME AGENCY / AFP

By: RFI Follow


Read more

After infiltrating the group's network, the NCA took control of LockBit's services, compromising their entire criminal enterprise

 ,” the NCA said in a statement. According to her, the ransomware targeted “

thousands of victims across the world

 ” and caused losses totaling billions of euros, including the ransoms paid and the costs incurred for the victims. “

We hacked the hackers

 ,” said Graeme Biggar, director general of the NCA, announcing the neutralization of LockBit at a press conference in London.

The kings of ransomware

LockBit targeted critical infrastructure and large industrial groups, with ransom demands ranging from 5 to 70 million euros. In 2023, the group notably attacked the British postal operator and a Canadian children's hospital, and in France

the Corbeil-Essonnes

and Versailles hospitals in the Paris region. Cybercriminals made available to their “ 


» tools and infrastructure allowing them to carry out attacks. These consisted of infecting the victims' computer network to steal their data and encrypt their files. A ransom was demanded in cryptocurrencies to decrypt and recover the data, under penalty of publication of the victims' data.

LockBit collected more than $120 million in ransoms in total, according to the United States, where a total of five people, including two Russian nationals, are facing charges. According to the head of the NCA, the investigations did not reveal “ 

direct support

» of the Russian state towards LockBit, but nevertheless underlined a “


 ” towards cybercrime in Russia.

They are cybercriminals, they are based all over the world, there is a large concentration of these individuals in Russia and they often speak Russian

 ,” he said. LockBit is presented as one of the most active malware in the world, with more than 2,500 victims, including more than 200 in France, “

including hospitals, town halls and companies of all sizes

 ,” the Paris prosecutor’s office said in a press release.

French investigators questioned “

two targets in Poland and Ukraine

 ” and carried out searches, according to the same source. The operation made it possible, according to the Paris prosecutor's office, to "

take control of a significant part of the LockBit ransomware infrastructure, including on the darknet

 ", and in particular the "

wall of


where the data of those who refused to pay the ransom were published



This site is now under control of the police 

According to the British NCA, more than 200 cryptocurrency accounts linked to the group have been frozen and investigators have obtained more than 1,000 keys used to decrypt the data so they can return it to their owners. “ 

This site is now under law enforcement control 

,” says a message on a LockBit site, specifying that the British NCA has taken control of the site, in cooperation with the American FBI and agencies from several countries .

In November 2022, the US Department of Justice (DoJ) described LockBit ransomware as “

more active and more destructive variants in the world

 .” A year ago, the Hive ransomware attack network was dismantled. It was accused of targeting 1,500 entities in 80 countries and collecting more than $100 million in ransoms.


With AFP


Read alsoHealth data: 33 million French people affected by hacking, an open investigation


Receive all the international news directly in your inbox

I subscribe

Follow all the international news by downloading the RFI application

Share :

Continue reading on the same themes:

  • Cybercriminality