海角大神

Skip to footer

LockBit locked out: Russian ransomware gang shut down by US, allies

Security officials from Ukraine, the US, and Britain pooled their resources to put an end to LockBit鈥檚 hacking 鈥 a Russia-backed cybercriminal operation with a history of targeting multinational corporations like Boeing.

|
Kelvin Chan/AP
U.S. Attorney Philip Sellinger (second left) and Graeme Biggar, director general of Britain's National Crime Agency (center) join security officials in London to outline legal action taken against Lockbit, a Russia-backed cybercriminal gang, Tuesday, Feb. 20, 2024.
  • By James Pearson and Karen Freifeld Reuters

| London/New York

An international law enforcement operation led by Britain鈥檚 National Crime Agency and the FBI has arrested and indicted members of the LockBit ransomware gang, in an unprecedented police operation that has struck one of the world鈥檚 most notorious cybercrime gangs.

The United States has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.

The NCA, U.S. Department of Justice, FBI, and Europol gathered in London to announce the disruption of the gang, which has targeted over 2,000 victims worldwide, received more than $120 million in ransom payments, and demanded hundreds of millions of dollars, the DOJ said.

Britain鈥檚 National Crime Agency Cyber Division, with the U.S. Department of Justice, the FBI, and other law enforcement agencies聽seized control of websites used by LockBit, U.S. and British authorities said. The agencies also took the extraordinary step of using LockBit鈥檚 own website to release internal data about the group itself.

鈥淲e have hacked the hackers,鈥 Graeme Biggar, director general of the National Crime Agency, told journalists. 鈥淲e have taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems.鈥

The takedown, dubbed 鈥淥peration Cronos,鈥 was an international coalition of 10 countries, he said. 鈥淭ogether, we have arrested, indicted or sanctioned some of the perpetrators and we have gained unprecedented and comprehensive access to LockBit鈥檚 systems.鈥

鈥淎s of today, LockBit is effectively redundant,鈥 he added. 鈥淟ockBit has been locked out.鈥

A representative for LockBit did not respond to messages from Reuters seeking comment.

Obtained in New Jersey, the unsealed indictment charges Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with using LockBit ransomware to target victims in manufacturing, logistics, insurance, and other companies in five states and Puerto Rico, as well as in semiconductor and other industries around the world.

Additional criminal charges against Mr. Kondratyev were unsealed on Feb. 20 related to his use of ransomware in 2020 against a victim in California, the Justice Department said.

Both men were also sanctioned by the U.S. Treasury.

In November last year, LockBit聽published internal data聽from Boeing聽BA.N, one of the world鈥檚 largest defense and space contractors, and said the U.S. arm of聽China鈥檚 ICBC had paid a ransom聽following an attack that disrupted trades in the U.S. Treasury market.

In early 2023, Britain鈥檚 Royal Mail聽faced severe disruption聽after an attack by the group.

LockBit caused billions in damages

Ransomware is malicious software that encrypts data; LockBit and its affiliates make money by coercing its targets into paying ransom to decrypt or unlock that data with a digital key. The gang鈥檚 digital extortion tools have been used against聽some of the world鈥檚 largest organizations in recent months.

Its affiliates are like-minded criminal groups that LockBit recruits to wage attacks using those tools. Those affiliates carry out the attacks, and provide LockBit a cut of the ransom, which is usually demanded in the form of cryptocurrency, making it harder to trace.

Operation Cronos seized 34 of LockBit鈥檚 servers, arrested two members of the gang, froze 200 cryptocurrency accounts, and closed 14,000 鈥渞ouge accounts鈥 used online to launch LockBit鈥檚 operations, the police agencies said.

LockBit has caused monetary losses totaling billions, the NCA鈥檚 Mr. Biggar said, to businesses who not only had to pay ransom payments, but also had to shoulder the cost of getting their systems back online.

Before it was taken down, LockBit鈥檚 website displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organization to provide ransom payment.

On Feb. 21, the LockBit leak website had been transformed by the NCA, FBI, and Europol into a leak site about the criminal gang itself, onto which international police agencies published internal data from inside the group, and countdown clocks threatening to reveal upcoming sanctions and the identity of LockBit鈥檚 ringleader, 鈥淟ockBitSupp.鈥

This story was reported by Reuters with additional reporting by Katharine Jackson and Christopher Bing in Washington.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines 鈥 with humanity. Listening to sources 鈥 with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That鈥檚 Monitor reporting 鈥 news that changes how you see the world.
QR Code to LockBit locked out: Russian ransomware gang shut down by US, allies
Read this article in
/World/2024/0221/LockBit-locked-out-Russian-ransomware-gang-shut-down-by-US-allies
QR Code to Subscription page
Start your subscription today
/subscribe