Lockbit Cybercrime Gang Disrupted by International Police Operation

London, Feb 19 (Reuters) – Lockbit, a notorious cybercrime gang known for holding victims’ data to ransom, has been disrupted in a rare international law enforcement operation led by Britain’s National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI), according to a statement on the gang’s extortion website on Monday.

The post on the gang’s website declared, “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.”

An NCA spokesperson confirmed the disruption of the gang and stated that the operation is “ongoing and developing”.

Lockbit and its affiliates have targeted some of the world’s largest organizations in recent months, employing tactics where they steal sensitive data and demand exorbitant ransoms under the threat of leaking the information. Lockbit’s affiliates are akin to criminal subcontractors recruited by the group to carry out attacks using Lockbit’s digital extortion tools.

Ransomware, the malicious software utilized by Lockbit, encrypts data and demands payment to decrypt or unlock it with a digital key, making it a lucrative business for cybercriminals.

“They are the Walmart of ransomware groups, they run it like a business–that’s what makes them different,” remarked Jon DiMaggio, chief security strategist at Analyst1, a U.S.-based cybersecurity firm. “They are arguably the biggest ransomware crew today.”

The disruption of Lockbit marks a significant victory in the ongoing battle against cybercrime, highlighting the collaborative efforts of international law enforcement agencies to combat digital threats and protect organizations and individuals from cyberattacks.

Understanding LockBit: The Cybercrime Gang Targeting Global Organizations

Ransomware, a term now ubiquitous in the digital realm, has evolved into a lucrative venture for cybercriminals, with LockBit emerging as a prominent player in this nefarious landscape. As ransomware incidents continue to proliferate, understanding the modus operandi of groups like LockBit becomes imperative for individuals and organizations seeking to safeguard their digital assets.

LockBit, introduced to the cybersecurity arena in 2019, operates as both a malicious software (malware) and the group behind its creation. Unlike traditional ransomware, LockBit employs a double-extortion tactic, encrypting stolen data and threatening to publish it unless a ransom is paid, making it a formidable adversary in the realm of cybersecurity.

The group’s operational model, characterized by its ransomware-as-a-service approach, allows affiliates to deploy LockBit malware in exchange for a share of the ransom proceeds. This affiliate scheme has facilitated the group’s widespread impact, with victims spanning diverse sectors and geographic locations.

Little is known about the LockBit group’s origins or motives, as they maintain a clandestine presence on the dark web. However, their actions speak volumes, with high-profile victims including the United Kingdom’s Royal Mail and Ministry of Defence, Japanese cycling component manufacturer Shimano, and aerospace giant Boeing.

Notably, LockBit imposes restrictions on its affiliates, forbidding attacks on critical infrastructure, institutions like hospitals, and certain post-Soviet countries. While these rules ostensibly aim to mitigate collateral damage, rogue affiliates may circumvent these restrictions, posing challenges for law enforcement and cybersecurity professionals.

The recent leak of data stolen from Boeing underscores the group’s uncompromising stance, highlighting the grave consequences of non-compliance with ransom demands. With almost 2,000 victims in the United States alone, LockBit’s impact reverberates across industries and borders, underscoring the urgency of proactive cybersecurity measures.

In conclusion, LockBit represents a formidable threat in the ever-evolving landscape of cybercrime. As organizations grapple with the specter of ransomware attacks, awareness of groups like LockBit and their tactics is crucial for mitigating risks and fortifying cyber defenses. By fostering collaboration between stakeholders and investing in robust cybersecurity strategies, we can strive towards a safer digital future, resilient to the pervasive threat of cybercriminal activity.

Authors: DE/DA

Read more: Reuters

Last Updated on February 19, 2024