Several Countries Join Forces to Smash the World’s Most Dangerous Cybergang

UK and US law enforcement led an international operation, successfully disrupting the Russian-linked ransomware specialist LockBit, one of the most harmful cybercrime groups in the world.

LockBit as well as its affiliates have attacked hospitals, schools, governments, and major companies, extracting tens of millions in ransoms from victims and causing billions of dollars in damage.

Britain’s National Crime Agency (NCA) has reportedly worked with agencies from nine countries, infiltrated LockBit’s network, and taken control of its services, with a message appearing on the site stating that it is “now under control of law enforcement”.

According to Techxplore, the agencies seized control of many different public-facing websites that were used by LockBit to connect to the organization’s infrastructure and have taken control of servers that were used by LockBit administrators. The NCA has obtained over 1,000 decryption keys and stated it will contact UK-based victims in the coming days and weeks to offer support and help them recover encrypted data.

LockBit has reportedly targeted over 2,000 victims and received more than $120 million in ransom payments since its emergence four years ago, with victims including Britain’s Royal Mail, US aircraft manufacturer Boeing, and a Canadian children’s hospital.

LockBit operates as a “ransomware as a service,” or RaaS, leasing its software and methods to others to use in ransomware attacks. This enables criminals with minimal computer knowledge and capabilities to get into ransomware by paying the group for its expertise.

It works like so: an initial access broker (a cybercriminal) specializes in breaking into corporate or institutional computer systems and later sells that access to the hacker or ransomware operator. The operator in turn depends on RaaS developers (like LockBit), who have the programming skills to create the malware needed to carry out the operation. When the ransomware is planted and activated on the target, the victim receives a message stating how much to pay to have their data decrypted (which can range from thousands to millions of dollars).