Britain’s National Crime Agency (NCA) seized control of international ransomware group LockBit’s “command and control” infrastructure on Tuesday in a major law enforcement operation. The NCA plans to reuse the group’s technology to expose its activities to the world.
The joint operation by the NCA, FBI, Europol, and an international coalition of law enforcement agencies was revealed in a post on LockBit’s own website. The post stated, “This site is currently under the control of the UK National Crime Agency, working closely with the FBI and international law enforcement agency Operation Cronos.”
Two people associated with LockBit were arrested in Poland and Ukraine, and two defendants believed to be related to the company were arrested and charged in the United States. Two more names have been released, but the Russian nationals are still at large. Authorities also froze more than 200 cryptocurrency accounts associated with the criminal organization.
According to the NCA, the disruption to LockBit operations is much more extensive than initially revealed. The agency not only seized control of the public website but also took control of LockBit’s primary administrative environment, which handled the management and deployment of the hacking techniques it used to extort companies and individuals around the world. It also took control of the enabling infrastructure.
“Through close collaboration, we hacked the hackers. We took control of the infrastructure, seized the source code, and obtained keys to help victims decrypt their systems,” said NCA Director General Graeme Biggar.
“As of today, LockBit is locked out. We have undermined the ability of a group that relied on secrecy and anonymity, and most importantly its credibility.”
The organization pioneered the ‘ransomware-as-a-service’ model, outsourcing the actual target selection and attack to a network of semi-independent ‘affiliates’, providing them with the tools and infrastructure, and taking fees from the ransoms in return.
While ransomware typically works by encrypting data on an infected machine and demanding payment for the decryption key, LockBit also copied the stolen data and threatened to release it publicly if the fee was not paid, promising to delete the copies once the ransom was received.
However, the NCA said that promise was false. Some of the data found on LockBit’s systems belonged to victims who paid the ransom.
Home Secretary James Cleverly said: “The NCA’s world-class expertise has delivered a huge blow to those behind the world’s most prolific ransomware.”
“The criminals operating LockBit are sophisticated and highly organized, but they have not escaped the clutches of UK law enforcement and our international partners.”
The “Hackback” campaign has also recovered over 1,000 decryption keys intended for victims of LockBit’s attacks, and plans to contact victims to assist them in recovering their encrypted data.
In a blog post last month, Ciaran Martin, former director of the National Cyber Security Center, said the involvement of Russian hackers in cybercrime undermines many common law enforcement tactics. “Impose costs where you can. There are things you can do to harass cybercriminals,” he warned. “But as long as Russian safe havens exist, this will not be a strategic solution.”
Source: www.theguardian.com