Ransomware: Investigators succeed in striking the LockBit extortion group

Highlights: Lockbit extortion group no longer has at least parts of its infrastructure under its control. Prosecutors managed, among other things, to take over the criminals' central website. Lockbit and its partners have hacked some of the world's largest companies in recent months and years. They use ransomware to encrypt files, drives and backup copies on the victim's network, making them unusable. They only hand over a key in exchange for a ransom to make the systems operational again. LockBit has long been one of the most active ransomware groups.

The notorious Lockbit extortion group no longer has at least parts of its infrastructure under its control. Prosecutors managed, among other things, to take over the criminals' central website.

Enlarge image

Screenshot of the Lockbit page taken over by investigators: “Operation Cronos”

Photo: REUTERS

Investigators have succeeded in striking a global network of cybercriminals and blackmailers. In a joint law enforcement operation, the British National Crime Agency (NCA), the American Federal Bureau of Investigation (FBI), Europol and German police authorities took over parts of the infrastructure of the Lockbit hacker group, as can be read on one of the blackmailers' websites.

“This site is now under the control of the National Crime Agency, which works closely with the FBI and the international law enforcement unit Operation Cronos,” it reads. An NCA spokesman confirmed the gang had been broken up.

According to “CyberScoop,” prosecutors were also able to paralyze communications and other servers.

However, security expert Kevin Beaumont pointed out on Mastodon that other Lockbit websites are still accessible. Data from Lockbit victims can still be viewed on one of them.

Lockbit has thousands of victims

Prosecutors want to release more information about the operation later on Tuesday.

Lockbit and its partners have hacked some of the world's largest companies in recent months and years. They use ransomware to encrypt files, drives and backup copies on the victim's network, making them unusable. They only hand over a key in exchange for a ransom to make the systems operational again. LockBit also increases the pressure on those affected by threatening to publish previously copied internal data. Lockbit does not always carry out the attacks itself, but also relies on an “affiliate” program that is common in the criminal industry, i.e. it cooperates with other perpetrators who rent their ransomware and services. LockBit requires a 20 percent profit share.

According to security companies, Lockbit has long been one of the most active ransomware groups. According to the US cybersecurity agency CISA, Lockbit has attacked at least 1,700 US organizations since 2020. But companies such as Boeing and the British Royal Mail as well as hospitals are also among the many victims of Lockbit and their “affiliates”.

pbe/Reuters

Ransomware: Investigators succeed in striking the LockBit extortion group

Lockbit has thousands of victims

You may like

Trends 24h

Latest