U.S., partners disrupt ransomware group that targeted Fulton County | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Merrick Garkland (Justice Department)

The LockBit ransomware group that claimed responsibility for a cyber attack against Fulton County has been disrupted by the United States, United Kingdom, and other international law enforcement partners, according to an announcement today by the Department of Justice.

LockBit’s operations were disrupted through the seizure of many public-facing websites it used to connect its infrastructure. The law enforcement partners also seized control of servers LockBit administrators used, which disrupted the ability of the hackers to attack and encrypt networks and then extort victims through the threat of publishing stolen data.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” Attorney General Merrick B. Garland said, according to the Justice Department press release.

Fulton County Commission Charman Robb Pitts confirmed on Feb. 14 that the LockBit group claimed responsibility for the cyber attack against Fulton County. LockBit posted a list of documents it said were from the county’s servers along with a deadline clock. The Fulton County posts disappeared from the site, but county officials have not confirmed if a ransom was paid to the hackers.

Garland said law enforcement has also obtained keys from the LockBit infrastructure that was seized to help ransomware victims decrypt their systems to regain access to their data.

The U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Justice Department, FBI, and other international law enforcement partners, took part in the joint operation against LockBit, which has targeted more than 2,000 victims and received more than $120 million in ransom payments.

Decryption capabilities have been developed by the NCA with the FBI and other partners that may enable victims around the world to restore their systems that were encrypted using the LockBit ransomware variant.

An indictment was unsealed by the Justice Department that charged Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against victims throughout the United States. The victims included businesses in manufacturing and other industries, as well as victims around the world in the semiconductor and other industries. More criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.

Two search warrants were unsealed that were issued in the District of New Jersey. The warrants authorized the FBI to disrupt multiple U.S.-based servers used by Lockbit members. Those servers host the “StealBit” platform, a criminal tool used by LockBit members.


Click Here For The Original Source.


National Cyber Security