Britain and FBI lock notorious LockBit hackers out of their own website in major operation

One of the world’s most prolific cyber crime gangs has had its site taken over in a major global operation led by British and American law enforcement.

LockBit, which is believed to have been responsible for ransomware attacks on Royal Mail, Boeing and thousands of others, was targeted in an operation led by the National Crime Agency, FBI and Europol.

The international law enforcement coalition of 10 countries “hacked the hackers” to take down the prolific ransomware site, whose attacks have cost “billions” in ransomware payments and recovery costs.

Speaking at a press conference in Westminster on Tuesday, he said that LockBit had been the most prolific ransomware group in the last four years and was behind 25 per cent of attacks in the past year.

LockBit targets have included major companies, public services and even a hospital. He said the gang had caused “enormous harm and cost”.

US authorities announced they have brought charges against five Russian nationals linked to the group, two of whom are in custody – Mikhail Vasiliev, who is being held in Canada, and Ruslan Magomedovich Astamirov, who is in the US.

The remaining three – Artur Sungatov, Ivan Kondratyev and Mikhail Pavlovich Matveev – are at large.

Two further people have been arrested in Poland and Ukraine and more than 200 cryptocurrency accounts believed to be linked to the group have been frozen, Europol said.

NCA investigators found that the gang behind the ransomware attacks did not always delete data even when victims had paid their ransom demands. Meanwhile, the infrastructure supporting StealBit, the LockBit tool used to steal data, which was based in three countries, has been seized.

The NCA said it has found more than 1,000 decryption keys held by the group and will be contacting UK-based victims to help them recover encrypted data.

Mr Biggar said: “Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems.”

Although LockBit may try to rebuild, Chris Morgan, analyst from cyber security firm ReliaQuest, said the law enforcement action was “a significant short-term blow”.

The LockBit site was overlaid with a message on Monday evening saying it was “now under the control of law enforcement”.

The message said the website was under the control of the NCA “working in close cooperation with the FBI and the international law enforcement task force, Operation Cronos”.

It said this was an “ongoing and developing operation” that also involves agencies from Germany, France, Japan, Australia, New Zealand and Canada, among others, including Europol.

The site had been used by LockBit to sell services, including ransomware, to hackers, which would allow them to breach people’s computer networks.

The group is believed to have been behind a number of high-profile cyber attacks in recent years, including one on Royal Mail last year.

Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

Brett Leatherman, deputy assistant director of the FBI, told Bloomberg that his agents had seized control of LockBit’s equipment, including servers with data that can be returned to victims. He said indictments and sanctions would follow soon.

The National Cyber Security Centre (NCSC) has previously warned that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted.

Chester Wisniewski, director, global field CTO at cybersecurity firm Sophos, said the operation was a “huge win” for law enforcement, but warned that it was unlikely to have fully disrupted LockBit.

“LockBit rose to be the most prolific ransomware group since Conti departed the scene in mid-2022.

“The frequency of their attacks, combined with having no limits to what type of infrastructure they cripple has also made them the most destructive in recent years,” he said.

“Anything that disrupts their operations and sows distrust amongst their affiliates and suppliers is a huge win for law enforcement.

“We shouldn’t celebrate too soon though.

“Much of their infrastructure is still online, which likely means it is outside the grasp of the police and the criminals have not been reported to have been apprehended.

“Even if we don’t always get a complete victory, imposing disruption, fuelling their fear of getting caught and increasing the friction of operating their criminal syndicate is still a win.

“We must continue to band together to raise their costs ever higher until we can put all of them where they belong, in jail.”
