Inside dangerous world of Royal Mail hackers LockBit as police take control

809     0
The National Crime Agency of the UK and the FBI have taken control of LockBit
The National Crime Agency of the UK and the FBI have taken control of LockBit's site (stock photo) (Image: Getty Images/iStockphoto)

Victims of the world's most dangerous ransomware gang include a hospital for sick children and Royal Mail.

Ransomware is a growing concern around the world and cybersecurity incidents are on the rise. Ransomware involves a hacker tricking a person into downloading malware (software that is designed to disrupt) by clicking on a link or email attachment.

The hacker then encrypts the victim's computers and makes it impossible to access their own data. They then demand money, typically from a high-profile company or government organisation, to get the content back, and threaten to leak it publicly if they don't.

Notorious dark-web site LockBit is responsible for almost half of ransomware cyber-attacks across the world - but what is it and how does the cybercriminal group operate?

Who are LockBit?

LockBit refers to a cybercriminal group and the software they created. The group makes money by stealing sensitive data and threatening to leak it unless the victim pays a ransom.

Royal Mail announces fresh strike as pay dispute threatens more deliveries chaos eiqreidekidzeinvRoyal Mail announces fresh strike as pay dispute threatens more deliveries chaos

A statement previously on the dark web blog claimed the hackers are "located in the Netherlands, completely apolitical and only interested in money", according to Reuters. Likeminded criminal groups - dubbed 'affiliates' - are recruited to use LockBit's tools.

The gang was first discovered online in 2019 and then in 2020 when its malicious software was found on Russian language forums, leading some analysts to believe the group is based in Russia. It's also believed that LockBit has members in Eastern Europe and China.

In 2022, LockBit was the world's most prolific group using ransomware as a service (RaaS), according to various government agencies. It is reportedly responsible for 44 percent of all ransomware attacks across the world and has been most disruptive in the US.

Inside dangerous world of Royal Mail hackers LockBit as police take controlCybercriminals at LockBit formally apologised for one of its hackers attacking a Hospital for Sick Children in Toronto, US, in 2022 (Twitter/DailyDarkWeb)

Who has fallen victim?

High-profile victims of LockBit included the UK's Royal Mail and Ministry of Defence, Japanese manufacturer Shimano and German manufacturer Continental. The hacker group has claimed responsibility for a number of offences - including attacking the Hong Kong branch of Chinese newspaper China Daily in 2023.

Last year, aerospace giant Boeing was hacked by LockBit and financial trading services group ION - which includes some of the world's biggest banks - was disrupted by the gang. LockBit has rules for its 'affiliates' and bans hackers from targeting forbidden organisations - including hospitals and post-Soviet countries - but there is always potential for rogue users.

In 2022, a group of hackers attacked Toronto's Hospital for Sick Children and LockBit stopped the attack, apologised and offered a free solution to recover the data. LockBit 'formally apologised' and said on its site: "The partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program."

What happened to LockBit?

On Monday evening, a message appeared on the hackers' website that said the "site is under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

It added: "We can confirm that Lockbit's services have been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation." It said more information would be posted on the site at 11:30 GMT on Tuesday, February 20.

The UK's National Cyber Security Centre (NCSC) has previously warned about the "enduring threat" posed by the cybercriminal group. An FBI spokesperson told CNN yesterday: "There will be a formal announcement and additional details to follow."

Allan Liska, a ransomware expert from cybersecurity firm Recorded Future, told the US news site: "It is highly unlikely core members of the LockBit group will be arrested as part of this operation, since they are based in Russia." He noted the law enforcement's seizure of the site "means there will be a significant, if short-lived, impact on the ransomware ecosystem and a slow down in attacks".

Royal Mail stops 'suspicious parcel' and finds drugs hidden with flu tabletsRoyal Mail stops 'suspicious parcel' and finds drugs hidden with flu tablets

He added: "LockBit has also developed a reputation as one of the most ruthless ransomware operators, encouraging affiliates to target hospitals and schools. My hope is that these sectors will get some breathing room to build their defenses."

Nia Dalton

Print page

Comments:

comments powered by Disqus