Lockbit's Website Taken Down By Law Enforcement
The website used by LockBit, a major criminal ransomware cyber attack gang, has been taken over by UK Law Enforcement. The site allow people to hack computer networks and hold the victim’s data until a ransom is paid. Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.
An unexpece message appeared on the site belonging to the group saying it is "now under control of law enforcement" the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."
It says that this is an "ongoing and developing operation". A message appeared on the site of ransomware specialist LockBit, "This site is now under the control of the NCA of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it reads. “LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery."
“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks... When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted. A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published, “ says the NCA statement.
The operation was conducted by Britain's NCA, the US Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies, according to the post on LockBit's website.
In 2023 the UK had the second highest number of published LockBit victims (65) behind the USA (396). Other nations reporting Lockbit malware incidents in 2023 included France (51),Germany (43), Canada (42), Italy (35), Spain (25), India (22), Australia (21) and Brazil (21), demonstrating the prevelance of Lockbit's activitoes.
The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom. LockBit has been involved in sequence of high profile hackings, notably including in an attack on the British Royal Mail, the City of Montreal's electricity supply and the Ports of Lisbon and Nagoya.
Check Point Software Technologies’ Threat Intelligence Group Manager, Sergey Shykevich commented "This is bad timing for LockBit, having recently been removed from two Russian underground cybercrime forums for questionable business ethics.This latest action by UK and US authorities will be a major setback for their operations, and is likely to degrade their ability to recruit and retain affiliates. However... ransomware gangs are notoriously resilient and may emerge under a different banner in the near future. The threat from this criminal gang and other ransomware groups will continue, and organisations must be constantly on their guard.”
According to Huseyin Can Yuceel, security researcher at Picus Security “Ransomware groups often leverage public-facing vulnerabilities to infect their victims with ransomware. This time, Operation Cronos gave LockBit operators a taste of their own medicine. ... Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to login to LockBit services."
"In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested." Yuceel added.
Last year the UK's National Cyber Security Centre (NCSC) issued a warning about the "enduring threat" posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand and the NCSC says that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted.
The NCSC statement describes LockBit's software as the "most deployed ransomware variant" across the world in 2022, and that it "continues to be prolific so far in 2023". LockBit was first detected in 2020, when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia.
NCA: @vxunderground: BBC: Independent: Ground: Standard: Shropshite Star:
Reddit: Barrons: HepNetSecurity: Image: summerphotos
You Might Also Read:
Ransomware: Businesses Are Well Equipped But Underprepared:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible