Authorities disrupt operations of notorious LockBit ransomware gang
Reading Time: 3 minutesA coalition of international law enforcement agencies, including the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency, have disrupted the operations of the notorious LockBit ransomware gang.
LockBit’s dark web leak site — where the group publicly lists its victims and threatens to leak their stolen data unless a ransom demand is paid — was replaced with a law enforcement notice on Monday.
Since it first emerged as a ransomware operation in late 2019, LockBit has become one of the world’s most prolific cybercrime gangs, targeting victims around the world and netting millions of dollars in extorted ransom payments.
At the time of writing, the site now hosts a series of information exposing LockBit’s capability and operations, including backend leaks and details on LockBit’s alleged ringleader, known as LockBitSupp.
Operation Chronos is a task force headed by the NCA and coordinated in Europe by law enforcement agencies Europol and Eurojust. The ransomware takedown operation also involved other international police organizations from Australia, Canada, France, Finland, Germany, the Netherlands, Japan, Sweden, Switzerland, and the United States.
In its announcement on Tuesday, Europol confirmed that the months-long operation has ‘resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal enterprise.’ This includes the takedown of 34 servers across Europe, the U.K. and the United States, along with the seizure of over 200 cryptocurrency wallets.
It’s not yet known how much cryptocurrency was stored in these wallets, or how much the authorities seized.
Separately, the U.S. Justice Department unsealed indictments against two Russian nationals, Artur Sungatov and Ivan Gennadievich Kondratiev, for their alleged involvement in launching LockBit cyberattacks.
The DOJ previously charged three other alleged LockBit ransomware members: Mikhail Vasiliev, a dual Russia-Canadian national, is currently in custody in Canada awaiting U.S. extradition; and Russian national Ruslan Magomedovich Astamirov is in custody in the U.S. awaiting trial. A third suspected member, Mikhail Pavlovich Matveev, aka Wazawaka, is believed to live in the Russian enclave of Kaliningrad and remains subject to a $10 million U.S. government bounty for information that leads to his arrest.
Two alleged LockBit actors have also been arrested in Poland and Ukraine at the request of the French judicial authorities.
Prior to Monday’s takedown, LockBit claimed on its dark web leak site that it was ‘located in the Netherlands, completely apolitical and only interested in money.’
As part of Operation Cronos, law enforcement agencies say they have obtained decryption keys from LockBit’s seized infrastructure to help the ransomware gang’s victims regain access to their data.
‘While the main spokesperson for the LockBit operation, LockBitSupp, won’t be arrested, his operation is crippled, and his infrastructure is completely exposed. Based on past takedowns like this, this will have serious impact on his reputation and his ability to attract new affiliates in the future,’ Liska said.
According to the DOJ, LockBit has been used in approximately 2,000 ransomware attacks against victim systems in the U.S. and worldwide, and has received more than $120 million in ransom payments.
LockBit and its affiliates have claimed responsibility for hacking some of the world’s largest organizations. The group last year claimed responsibility for attacks against aerospace giant Boeing, chipmaker TSMC, and U.K. postal giant Royal Mail. In recent months, LockBit has claimed responsibility for a ransomware attack on the U.S. state of Georgia’s Fulton County, which has disrupted key county services for weeks, and for cyberattacks targeting India’s state-owned aerospace research lab and one of India’s largest financial giants.
Monday’s takedown is the latest in a series of law enforcement actions targeting ransomware gangs. In December, a group of international law enforcement agencies announced they had seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat, which claimed a number of high-profile victims, including news-sharing site Reddit, healthcare company Norton, and the London’s Barts Health NHS Trust.
This is a developing story.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG