FBI, allies seize dark web site of group claiming responsibility for Fulton County ransomware attack

ATLANTA, Ga. (Atlanta News First, CNN) – The FBI and its international allies have seized a dark web site of the world’s most prolific ransomware gang, which claimed to have extorted the Fulton County government and others, according to a message on the website viewed by CNN.

It’s a blow to the near-term operations of a multinational ransomware gang known as LockBit 3.0, which has been a menace to organizations all over the world, including healthcare providers in the U.S.

The ransomware group said it was behind the cyberattack on Fulton County’s IT systems last month – which continues to impact government services weeks later – and was threatening to release sensitive information it obtained in the attack unless county leaders paid a ransom.

Last week, LockBit 3.0 posted on a dark-web portal that Fulton County had until 12:47 a.m. on Friday to meet their demands or they would publish sensitive information about state citizens and county agencies.

Early Friday morning, however, a source who was able to access the dark web portal confirmed to Atlanta News First that the post had been removed.

It’s unclear if Fulton County paid a ransom or if the hackers pulled their demands. A spokesperson for the county could not say if any county dollars had been exchanged with any suspects on Friday.


When reached by Atlanta News First on Monday, county officials would not confirm anything new about the ransomware attack.

The hackers also claimed credit in recent months for ransomware attacks on the Industrial and Commercial Bank of China and New Jersey-based Capital Health, which was forced to cancel some patient appointments.

“We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation,” says a message posted on the hackers’ website on Monday, along with the seals of the FBI, the U.K. National Crime Agency (NCA) and a host of other law enforcement agencies from Australia to Germany.

An NCA spokesperson confirmed to CNN that a law enforcement operation against LockBit 3.0 was underway, adding that the agency will publicly disclose more details on Tuesday.

An FBI spokesperson told CNN: “There will be a formal announcement and additional details to follow.”

Seizing a ransomware group’s dark web site forces cybercriminals to set up new computer infrastructure to extort victims. It can also signal deeper law enforcement access to the hackers’ networks. In another operation against a ransomware gang announced a year ago, the FBI said it had access to decryption software that saved victims about $130 million in ransom payments.

Analysts believe LockBit has members or criminal partners in Eastern Europe, Russia and China. Like other cash-flush ransomware groups, LockBit rents out its ransomware to “affiliates,” who use the malicious code in attacks, then takes a cut of the ransom paid out by victims.

LockBit accounts for a quarter of the ransomware market based on victim information the hackers have posted online, according to Don Smith, vice president of threat research at cybersecurity firm Secureworks.

This operation is the latest move in a multi-year struggle between the FBI and its allies around the world and ransomware gangs that are often based in Eastern Europe and Russia.

While there have been notable arrests and law enforcement seizures of millions of dollars’ worth of ransom payments, the ransomware economy continues to thrive.

Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations around the world last year despite U.S. government efforts to cut off their money flows, crypto-tracking firm Chainalysis estimated.

“It is highly unlikely core members of the LockBit group will be arrested as part of this operation since they are based in Russia,” Allan Liska, a ransomware expert with cybersecurity firm Recorded Future, told CNN.

Nonetheless, he said, the law enforcement seizure of LockBit’s website “means there will be a significant, if short-lived, impact on the ransomware ecosystem and a slow-down in attacks.”

“LockBit has also developed a reputation as one of the most ruthless ransomware operators, encouraging affiliates to target hospitals and schools,” he added. “My hope is that these sectors will get some breathing room to build their defenses.”
