LockBit, a notorious cybercrime organization that holds victims’ data for ransom, has been thwarted in an extraordinary international law enforcement operation by the UK’s National Crime Agency, the FBI, Europol and the International Federation of Police Agencies. This was revealed in a post on the organization’s blackmail website.
“This site is currently under the control of the UK National Crime Agency, working closely with the FBI and the international law enforcement force Operation Cronos,” the post said on Monday.
An NCA spokesperson confirmed the NCA had disrupted the gang and said the operation was “ongoing and evolving”. A LockBit representative did not respond to a request for comment from Reuters, but posted a message on an encrypted messaging app saying it has backup servers that are immune to law enforcement actions.
The U.S. Department of Justice and FBI did not respond to requests for comment.
The post also names other international police organizations in France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany.
LockBit and its affiliates have hacked some of the world’s largest organizations in recent months. The gang makes money by stealing sensitive data and threatening to leak it unless victims pay exorbitant ransoms. Its affiliates are like-minded criminal groups recruited to carry out attacks using LockBit’s digital extortion tools.
Ransomware is malicious software that encrypts data. LockBit forces targets to pay a ransom to decrypt or unlock their data using a digital key.
LockBit was discovered in 2020 when its malicious software was found on a Russian-language cybercrime forum, and some security analysts believe the gang is based in Russia.
However, the gang does not profess support for any government, and no government has officially attributed it to any particular country. On its now-defunct dark web site, the group said it was “based in the Netherlands, completely apolitical and only interested in money.”
“They’re the Walmart of ransomware groups, and they run it like a business. That’s what makes them different,” said Jon DiMaggio, chief security strategist at US-based cybersecurity firm Analyst1. “They are probably the largest ransomware group today.”
LockBit has attacked more than 1,700 organizations across nearly every industry, and U.S. officials say the group is the world’s largest ransomware threat. Last November, LockBit released internal data from Boeing, one of the world’s largest defense and space contractors.
In early 2023, Royal Mail faced severe disruption following an attack by the group.
According to cybersecurity research website vx-underground, LockBit said in a Russian-language statement shared on the encrypted messaging app Tox that the FBI attacked a server running the programming language PHP.
The statement, which could not be independently verified by Reuters, added that there is a backup server that does not include PHP and “has not been touched.”
On X, a screenshot shared by vx-underground showed that the control panel used by LockBit affiliates to launch attacks had been replaced with a message from law enforcement: “We have the source code, details of the victims you attacked, amounts extorted, stolen data, chats, etc.”
“I may contact you soon. Have a nice day.”
Prior to its removal, LockBit’s website displayed an ever-growing gallery of victim organizations updated almost daily. Next to their names was a digital clock indicating the number of days left until the ransom payment deadline given to each organization.
On Monday, LockBit’s site displayed a similar countdown, but this time with a message from the law enforcement agency that hacked the hackers: “Please return here on Tuesday, February 20th at 11:30 GMT for more information.”
Don Smith, vice president of Secureworks, a division of Dell Technologies, said LockBit is the most prolific and dominant ransomware operator in the competitive underground market.
“To put today’s takedown in context, LockBit had a 25% share of the ransomware market based on leak site data,” Smith said. “Their closest competitor was BlackCat at about 8.5%, but then it really started to fragment.
“LockBit is dwarfing all other groups, and today’s action is critical.”
Source: www.theguardian.com