The National Crime Agency of the United Kingdom (NCA) reports that the FBI and other agencies have dismantled the LockBit ransomware syndicate, which was responsible for a string of international cyberattacks that brought in at least $120 million.
According to a press release from the NCA, LockBit's attacks have targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars, or euros, both in ransom payments and in recovery costs. The agencies say they have now compromised the entire criminal enterprise after infiltrating the network of the group.
Two people were also detained by law enforcement, one from Poland and the other from Ukraine, according to The Associated Press. The Justice Department also released indictments against two additional Russian nationals.
By providing the equipment and infrastructure required to carry out such cyberattacks, the group, according to the release, gave ransomware to a global network of hackers and “affiliates. “
According to the release, when malicious software from LockBit infected a victim's network, their systems were encrypted and their data was stolen. For the victim to decrypt their files and stop the publication of their data, a ransom would be demanded in cryptocurrency.
The investigation by the NCA and other international partners, according to Director General Graeme Biggar, disrupted the world's most harmful cyber crime group.
Biggar stated in the release that they had hacked the hackers, taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.
LockBit are currently locked out, he continued. “We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity.”
Merrick Garland, the U.S. attorney general, added that “the keys to their criminal operation are being taken away” by law enforcement from the US and the UK.
In order to assist victims in decrypting their captured systems and regaining access to their data, Garland said in the release that they have obtained keys from the seized LockBit infrastructure.
Hours prior to the announcement, the front page of LockBit's website was changed to read “this site is now under control of law enforcement,” along with flags of the United Kingdom, United States, and other countries.
