“The most dangerous cybercrime group in the world” has been largely dismantled, several organizations fighting cybercrime announced with satisfaction on Tuesday.
Among them was the section for combating cybercrime (J3) of the Paris prosecutor's office, which said in a press release that it had participated in this “international operation against the criminal network linked to LockBit ransomware”.
Why was this group targeted?
This hacker group's software works by infecting a network.
It steals data and encrypts the systems, explains the National Crime Agency (NCA), the British agency that participated in the dismantling, in a press release.
“A ransom is then demanded in cryptocurrency from the victim to decrypt their files and prevent the publication of their data,” continues the NCA.
The NCA reveals details of an international disruption campaign targeting the world's most harmful cyber crime group, Lockbit.
Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime.
— National Crime Agency (NCA) (@NCA_UK) February 20, 2024
LockBit has been in use since 2019 and is “one of the most active internationally”, according to the Paris prosecutor’s office.
It has claimed “nearly 2,500 victims, including more than 200 in France, including hospitals, town halls and companies of all sizes”, with millions of euros in losses internationally.
In 2022, for example, the Corbeil-Essonnes hospital was hit with a ransom demand of one million dollars, and in 2023 the Thalès and Nuxe groups fell victim to this group of hackers.
In France, J3 has had an investigation open since 2020 on several charges, including extortion by an organized gang and criminal association with a view to committing a crime or misdemeanor.
How did the operation go?
Few details have been given on the operation carried out to bring down LockBit, launched on February 19.
“After infiltrating the group’s network, the NCA took control of LockBit’s services, compromising their entire criminal enterprise,” the British agency said.
“We hacked the hackers,” said Graeme Biggar, director general of the NCA, announcing the incapacitation of LockBit at a press conference in London.
“This site is now under the control of law enforcement,” read a message displayed on a LockBit site in recent hours, specifying that the British NCA had taken control of the platform, in cooperation with the American FBI and agencies from several countries.
“We can confirm that LockBit services are disrupted due to an international police operation, this is an ongoing operation,” the message added.
In addition to the United Kingdom and France, the United States, Germany, the Netherlands, Switzerland, Japan, Australia, Canada and Sweden participated in this task force.
Have those responsible been arrested?
Several people have been arrested in the last few hours.
“French investigators arrested two targets in Poland and Ukraine and carried out searches,” writes the Paris prosecutor's office, adding that “investigations will continue to identify and arrest other members of the group.”
The NCA also specifies that the United States has indicted two other people.
#FBI Deputy Director Paul Abbate announced the successful disruption of the LockBit Ransomware Variant alongside our UK partners.
If LockBit ransomware has victimized you or your organization, visit https://t.co/a2kerpzly4 to learn possible decryption capabilities.
— FBI (@FBI) February 20, 2024
In addition, 28 servers located in different countries were taken out of service and more than 200 cryptocurrency accounts linked to the group were frozen.
The NCA said it has recovered over a thousand decryption keys and will contact affected victims to help them recover their data.
International agencies warn, however, that the hacker group may re-form in the future, and say they will remain “vigilant” and will not “cease their efforts to target this group and its associates”.