Infamous cybercrime gang 'LockBit' taken down in huge operation
A website run by an infamous criminal gang to distribute ransomware for use in cyber attacks has been taken over in a huge operation by the UK and the FBI.
The site, belonging to the group LockBit, was overlaid with a message on Monday evening saying it was "now under the control of law enforcement". Director General of the National Crime Agency (NCA) Graeme Biggar has announced that an international law enforcement coalition of 10 countries, including the FBI, had "hacked the hackers" and taken down a prolific ransomware site.
Speaking at a press conference in Westminster on Tuesday, he said that LockBit had been the most prolific ransomware group in the last four years and was behind 25% of attacks in the past year. It has caused losses of billions in ransom payments and the cost of recovering data, with targets including major companies and public services such as hospitals. He said the gang had caused "enormous harm and cost".
Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid to release them. On its now-defunct dark website, the group said it was "located in the Netherlands, completely apolitical and only interested in money". Before it was taken down, LockBit's website displayed a gallery of victim organisations that was updated almost daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organisation to provide ransom payment.
There are more than 200 victims in the UK and thousands internationally. NCA investigators found that the gang behind the ransomware attacks did not always delete data when victims paid ransoms. The NCA said it has found more than 1,000 decryption keys held by the group and will be contacting UK-based victims to help them recover encrypted data.
Mr Biggar said: "Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems." The National Cyber Security Centre (NCSC) has previously warned that ransomware remains one of the biggest cyber threats facing the UK and urges people and organisations not to pay ransom if they are targeted.
Chester Wisniewski, director and global field CTO at cybersecurity firm Sophos, said the operation was a "huge win" for law enforcement, but warned that it was unlikely to have fully disrupted LockBit. Wisniewski said: "LockBit rose to be the most prolific ransomware group since Conti departed the scene in mid-2022. The frequency of their attacks, combined with having no limits to what type of infrastructure they cripple, has also made them the most destructive in recent years.
"Anything that disrupts their operations and sows distrust amongst their affiliates and suppliers is a huge win for law enforcement. We shouldn't celebrate too soon though. Much of their infrastructure is still online, which likely means it is outside the grasp of the police and the criminals have not been reported to have been apprehended. Even if we don't always get a complete victory, imposing disruption, fuelling their fear of getting caught and increasing the friction of operating their criminal syndicate is still a win. We must continue to band together to raise their costs ever higher until we can put all of them where they belong, in jail."