LockBit ransomware group remains a key player in today’s threat landscape, with 17 per cent of ransomware engagements in 2023, a new report said on Tuesday.
An international law enforcement operation led by Britain’s National Crime Agency and the FBI has arrested and indicted members of the Lockbit ransomware gang, in an unprecedented police operation that has struck one of the world’s most notorious cybercrime gangs.
The United States has charged two Russian nationals with deploying Lockbit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
The NCA, U.S. Department of Justice, FBI and Europol gathered in London to announce the disruption of the gang, which has targeted over 2,000 victims worldwide, received more than $120 million in ransom payments and demanded hundreds of millions of dollars, the DOJ said.
Britain’s National Crime Agency Cyber Division, with the U.S. Department of Justice, the FBI and other law enforcement agencies, seized control of websites used by Lockbit, the gang and U.S. and British authorities said. The agencies also took the extraordinary step of using Lockbit’s own website to release internal data about the group itself.
“We have hacked the hackers,” Graeme Biggar, director general of the National Crime Agency, told journalists.
“We have taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems.” The takedown, dubbed “Operation Cronos”, was an international coalition of 10 countries, he said. “Together, we have arrested, indicted or sanctioned some of the perpetrators and we have gained unprecedented and comprehensive access to Lockbit’s systems.”
“As of today, Lockbit is effectively redundant,” he added. “Lockbit has been locked out”. A representative for Lockbit did not respond to messages from Reuters seeking comment.
The hacking group has demonstrated intent and competence to attack organisations across many industries and countries, said global cyber risk management company Arete.
“As the threat landscape continues to evolve and adapt, so should the defences and controls protecting organisations around the world,” said David Lacquement, senior VP for government relations and operational intelligence sharing, Arete.
The report offers analysis and insights on the top ten ransomware variants observed and compares the impacts and challenges of RaaS (Ransomware-as-a-Service) operations and closed groups.
Obtained in New Jersey, the unsealed indictment charges Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with using Lockbit ransomware to target victims in manufacturing, logistics, insurance and other companies in five states and Puerto Rico, as well as in semiconductor and other industries around the world. Additional criminal charges against Kondratyev were unsealed on Tuesday related to his use of ransomware in 2020 against a victim in California, the Justice Department said.
Both men were also sanctioned by the U.S. Treasury. In November last year, Lockbit published internal data from Boeing, one of the world’s largest defence and space contractors, and said the U.S. arm of China’s ICBC had paid a ransom following an attack that disrupted trades in the U.S. Treasury market.
In early 2023, Britain’s Royal Mail faced severe disruption after an attack by the group.

LOCKBIT CAUSED BILLIONS IN DAMAGES

Ransomware is malicious software that encrypts data; Lockbit and its affiliates make money by coercing their targets into paying ransom to decrypt or unlock that data with a digital key. The gang’s digital extortion tools have been used against some of the world’s largest organisations in recent months.
Its affiliates are like-minded criminal groups that Lockbit recruits to wage attacks using those tools. Those affiliates carry out the attacks and give Lockbit a cut of the ransom, which is usually demanded in the form of cryptocurrency, making it harder to trace. Operation Cronos seized 34 of Lockbit’s servers, arrested two members of the gang, froze 200 cryptocurrency accounts, and closed 14,000 “rogue accounts” used online to launch Lockbit’s operations, the police agencies said.
LockBit has continued its pursuit to monopolise the ransomware sector, expanding its attack surface by implementing encryptors such as those targeting macOS environments, Linux environments, and others.
In 2023, ransoms were paid in 31.3 per cent of engagements, prompting threat actors to grow more aggressive in their negotiating tactics and demand significantly higher ransoms, the report noted.
In addition, ALPHV/BlackCat represented 14 per cent of ransomware engagements in 2023, with a significant uptick in Q3. First identified attacking victims in November 2021, ALPHV/BlackCat has remained a formidable RaaS enterprise since its onset, according to the report.