The Takedown of LockBit: How International Law Enforcement Agencies Successfully Cracked the World’s Most Damaging Ransomware Group

2024-02-21 14:03:53

The months-long operation against the world’s most harmful ransomware group has ended successfully. Law enforcement agencies from 10 countries participated in the investigation.

“Through our close cooperation, we cracked the hackers; we took control of their servers, seized their source code, and obtained the keys that victims can use to decrypt their systems,” said Graeme Biggar, Director General of the NCA.

What is LockBit?

LockBit is widely known as the world’s most widespread and most damaging ransomware, which has caused billions of euros in damage.

LockBit first surfaced in late 2019, initially known as the “ABCD” ransomware. Since then, it has grown rapidly and in 2022 became the most widespread ransomware variant worldwide. It has carried out attacks against many high-profile organizations, among them Boeing, the British Royal Mail, the automotive giant Continental and the Italian tax office.

In a joint advisory issued in June, U.S. cybersecurity authorities and their partners worldwide estimated that LockBit has extorted at least $91 million from American organizations, carrying out no fewer than 1700 attacks since 2020.

According to the US Department of Justice, the gang has had more than 2000 victims. From them it collected more than $120 million in ransom, after making ransom demands totaling hundreds of millions of dollars.

Most recently, Bank of America warned its customers about a data breach after Infosys McCamish Systems (IMS) was hacked.

So far, two LockBit operators have been arrested

The US Department of Justice has made two indictments public regarding the LockBit attacks. Both persons named in the indictments are Russian citizens. One of them is Artur Sungatov and the other is Ivan Gennadievich Kondratiev (aka Bassterlord). On February 20, the US Department of the Treasury’s Office of Foreign Assets Control also imposed sanctions on the two men.

Previously charged LockBit ransomware actors include Mikhail Vasiliev, Ruslan Magomedovich Astamirov, and Mikhail Pavlovich Matveev, alias Wazawaka.

Law enforcement agencies have created a decryption tool to restore encrypted files for free. More than 200 crypto wallets have now been seized after the cybercriminal gang’s servers were hacked in an international operation.

The investigation into the LockBit attack was coordinated by Operation Cronos, a task force led by the UK’s National Crime Agency (NCA), and in Europe by Europol and Eurojust. The investigation began in April 2022 at Eurojust, at the request of the French authorities.

“The months-long operation resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal organization to operate,” Europol said.

More than 14,000 fraudulent accounts responsible for data exfiltration have been identified and referred for removal by law enforcement.

Europol also said that these fraudulent accounts were used by LockBit members to host tools and software used in attacks and to store data stolen from companies.

The authorities have obtained all relevant information

As part of Operation Cronos, law enforcement agencies also recovered more than 1000 decryption keys from the seized LockBit servers. Using the decryption keys, the Japanese police, the NCA and the Federal Bureau of Investigation (FBI) developed the LockBit 3.0 Black Ransomware decryption tool with the support of Europol.

“This site is now under the control of the UK’s National Crime Agency, which is working closely with the FBI and the international law enforcement task force called Operation Cronos,” reads LockBit’s website.

The free decryptor is now available through the “No More Ransom” portal.

It is not yet known how much cryptocurrency was stored in the 200 seized wallets. However, it is possible that victims who have paid ransom demands may now get some of their money back, as was the case with Colonial Pipeline and various healthcare organizations in the past.

According to Europol, a “vast amount” of data has been collected on the LockBit operation, which will be used in ongoing operations against the group’s leaders, as well as its developers and affiliates.

“We have the source code, the data of the attacked victims, the amount of money extorted, the stolen data, the chats and much, much more,” reads the letter from the law enforcement agencies.

“We may be applying soon. We wish you a nice day. Sincerely, UK National Crime Agency, FBI, Europol and Operation Cronos Law Enforcement Task Force,” the letter concludes.
