I spotted this yesterday but didn’t read it then. So, I decided to look up sources to determine where I can cover this excellent news and I found one over at my newest source, Cybernews. Its at the top of the page as I write.
So, Who is Lockbit?
The LockBit group first appeared on the ransomware scene sometime in late 2019, according to industry insiders. Since then, the gang has climbed to the top of the food chain, topping many lists in terms of victimized organizations.
Even though the gang tried to maintain a fake image of ‘ethical’ criminals, its affiliates did not restrain from attacking public institutions. In early February, attackers breached Saint Anthony Hospital, a non-profit children’s hospital. In January, LockBit claimed an attack against Saint Anthony Hospital in Chicago.
The threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa. The gang’s notorious ransomware variant LockBit 3.0 – also known as LockBit Black – is now in its third iteration and is considered the most evasive version of all previous strains, a US Department of Justice report said. The variant also happens to share similarities with two other Russian-linked ransomware, BlackMatter and ALPHV, the DOJ said.
These are the highlights of this section that I want to highlight. This group was at around 47 percent of the entire attack chain, making it number one for awhile.
The thing is, these guys have been active for almost as long as I’ve been here. I can’t say that for certain, as no official month start and end date are given but it feels that way.
LockBit cartel was humiliated with law enforcement agencies from the UK, USA, and Europol issuing official an announcement on the gangs’ bust via LockBit’s leak site. Data samples that authorities provided suggest the cartel has been penetrated to its very core.
In an unprecedented display of showmanship, law enforcement agencies from ten countries chose to announce the results of the months-long Operation Cronos, led by the UK National Crime Agency (NCA), using the ransomware cartel’s online infrastructure. A message at the bottom of the blog says that LockBit’s websites will be closed down on February 24th.
“The months-long operation has resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal enterprise. This includes the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States, and the United Kingdom,” Europol said.
The operation against LockBit appears to be a very thorough one, with authorities providing numerous screenshots of LockBit’s backend, which includes admin panel conversations and crypto addresses, which at least in theory should allow to follow the movement of illegal funds.
We know that actors have been arrested in other countries and the article highlights this.
“Two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities. The French and US judicial authorities have also issued three international arrest warrants and five indictments. Authorities have frozen more than 200 cryptocurrency accounts linked to the criminal organization, underscoring the commitment to disrupt the economic incentives driving ransomware attacks,” Europol’s statement reads.
The NCA claims to have taken over parts of the LockBit technical infrastructure that allows its service to operate, including the gang’s leak site. Moreover, the agency obtained over 1,000 decryption keys, which will allow victims to regain access to data that cybercrooks have encrypted.
If you want to read the rest of the story, please do so. LockBit cartel disrupted “at every level” – Europol is the article.
As the Shadow has always said in that old time radio program: “Crime does not pay. The Shadow knows.” The laugh may be an addition, but this is one of those I think we need to celebrate.
There is plenty more you can read about the takedown, so go! Celebrate! We’ll blog more later. Have a great day!
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.