- An international law enforcement collaboration has taken down infrastructure related to the LockBit ransomware syndicate.
- LockBit has been known as a prolific gang responsible for numerous ransomware attacks on civic institutions and infrastructure.
An international law enforcement effort, including the FBI and the U.K.’s National Crime Agency, resulted in the seizure of infrastructure such as servers, disrupting operations of the LockBit ransomware syndicate. The operation included sanctions, several indictments, court actions, the takeover of LockBit’s website, and rewards worth millions of dollars.
According to the FBI, the website was used to expose the data of victims impacted by the ransomware through file-sharing services and communication servers. Law enforcement agents also accessed approximately 1,000 decryption keys belonging to the LockBit ransomware gang, potentially opening doors for the recovery and restoration of data locked by LockBit operations.
William Wright, CEO of Closed Door Security, stated: “LockBit is the most prolific ransomware gang to ever have existed, and it was responsible for devastating attacks on hundreds of businesses, including the Royal Mail, which cost the organization millions to recover from, so it’s not surprising the UK’s NCA wanted to feature so heavily in this disruption. LockBit not only carried out attacks by its operators, but it also ran a ransomware-as-a-service (RaaS) infrastructure which could be rented out by its affiliates to launch attacks. Enterprises must therefore continue to protect their networks against ransomware. While law enforcement is making good progress, the battle is not over yet.”
LockBit operations were first noticed in late 2019. It is a highly prolific ransomware variant used by hundreds of cybercriminal groups worldwide, and it has resulted in over $100 million in ransom payments by targeted businesses and organizations globally. Most attacks targeted entities based in the U.S.
Groups that run ransomware like LockBit operate affiliate networks, leasing out access to central infrastructure and splitting the profits from ransomware operations. The takedown comes under rules that allow the FBI to access systems under multiple jurisdictions for modifications if proof of cyberespionage and cybercrime exists.
Ryan McConechy, CTO of Barrier Networks, spoke about the threat: “When it comes to defence against ransomware, organisations must act before it is too late. This involves training on threats, implementing MFA to secure employee credentials, keeping systems up to date with patches, and getting a well-oiled and comprehensive incident response plan in place, so everyone can step straight into effective action, even when attacks do occur.”
On one hand, the development highlights ongoing efforts by federal law enforcement agencies to control the growing threat of global cybercrime operations. On the other, how long the impact of the FBI operations will last is largely uncertain. As per the FBI report, LockBit operators could potentially reconstitute a variant of the ransomware, but regaining control of the servers seems very unlikely.