Newsletter 02/20/2024

If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal


Lockbit Ransomware Group Disrupted 
At Least For Now

As has been widely reported, on Tuesday, February 20, 2024, the US Department of Justice (DOJ) published a press release titled "U.S. and U.K. Disrupt LockBit Ransomware Variant," in which it announced the following:

The U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Justice Department, Federal Bureau of Investigation (FBI), and other international law enforcement partners disrupted LockBit’s operations by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data.

A joint operation had seized "numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data." Several arrests of criminals associated with LockBit were also announced by DOJ.

Moreover, in what may certainly be good news to LockBit victims, according to Attorney General Merrick Garland, law enforcement had "obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data." A website has been set up by DOJ with a form for LockBit victims to make a request "to enable law enforcement to determine whether affected systems can be successfully decrypted." The address of that website is https://lockbitvictims.ic3.gov/.

As reported by the BBC, Ciaran Martin, the former head of the UK's National Cyber Security Centre, declared, "On the face of it, this is one of the most consequential disruptions ever undertaken against one of the giants of ransomware, and certainly by far the biggest ever led by British police." 

Not to be the skunk in the garden party of cybersecurity, but whether or not LockBit is now "wholly owned" by law enforcement, as Martin boasted, remains to be seen. The FBI carried out a similar operation against the BlackCat ransomware group in December 2023. In a statement that echoed today's announcement, on December 19, 2023, the DOJ boasted that it had disrupted the BlackCat group's operation, had seized servers, and had provided a decryption tool to help victims of BlackCat retrieve their data. As SecurityWeek reported on February 19, 2024, the BlackCat group is still very much in operation. The cybercrooks have claimed responsibility for the recent attacks on LoanDepot and Prudential Financial. Moreover, Uncle Sam admits that it has not yet defeated BlackCat. On February 15, 2024, the US State Department announced "up to $10 million for information leading to the identification or location of anyone who holds a key leadership position in the Transnational Organized Crime." A similar $10 million reward is offered for information that will lead to the criminals not yet under prosecution for their involvement in LockBit.

All this is certainly good news for all who wish to see some sanity return to cyberspace, and certainly to those who have fallen victim to LockBit. Hopefully, the collective efforts of international law enforcement will lead to the total elimination of the threat posed to many organizations worldwide who might still be in LockBit's crosshairs. The unfortunate truth, however, is that LockBit and similar threat actors ultimately operate outside of the reach of the law enforcement agencies of the US and its allies. Nonetheless, today's news represents one battle won against these international criminals.

¯\_(ツ)_/¯
Gerald Reiff