Washington – A ransomware service provider that targeted over 2,000 systems around the world, including hospitals in the United States, and made hundreds of millions of dollars in claims, was shut down Monday and Russian nationals were arrested as part of an international Charged with conspiring to distribute the malware, the Justice Department announced Tuesday.
The network of cybercriminals known as LockBit targets critical components of manufacturing, healthcare and logistics around the world and offers its services to hackers who deploy its malware into vulnerable systems and hold them hostage until a ransom is paid. According to officials, the attackers have so far extorted more than $120 million from their victims and their scheme has become one of the most notorious and active.
As part of this week's operation, the FBI and its law enforcement partners in the United Kingdom seized numerous publicly accessible platforms where cybercriminals could contact and join LockBit. Investigators also seized two servers in the United States that were used to transmit stolen victim data.
The front page of the LockBit website was replaced with the words “This website is now under law enforcement control” and the flags of the United Kingdom, the United States and several other nations, the Associated Press noted.
A screenshot from February 19, 2024 shows a take-down notice issued by a group of international intelligence agencies to a dark website called LockBit. Handout via Portal
According to Attorney General Merrick Garland, the US and its allies “went a step further” by obtaining the “keys” that can unlock compromised computer systems to help victims “regain access to their data” and exempt them from paying a ransom. The move could help hundreds of victims worldwide.
Two Russian nationals who allegedly used LockBit ransomware against companies across the U.S. — in Oregon, New York, Florida and Puerto Rico — were also charged in New Jersey as part of the Justice Department's latest crackdown on the group.
Artur Sungatov and Ivan Kondratyev joined a growing number of defendants whom federal prosecutors accuse of targeting American institutions as part of the LockBit program. A total of five people have now been charged, including one person who allegedly attacked Washington DC police.
LockBit was the most widely used version of ransomware in 2022, according to a joint cybersecurity advisory released last year by the FBI and the Cybersecurity and Infrastructure Security Agency, targeting “a number of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing and transportation.”
The LockBit network was first discovered on Russian-speaking cybercrime platforms in 2020 and continued to evolve, targeting computer platforms and various operating systems. According to the report, 16% of ransomware attacks in the US by 2022 were carried out by the LockBit group.
Criminals typically gain access to vulnerable systems through phishing emails or when users visit an infected website while surfing the Internet. And US officials repeatedly warn users not to pay ransoms and instead contact law enforcement.
Federal investigators recently developed a new approach to combating ransomware attacks that can be both costly to victims and damaging to the normal functioning of society: arming victims with the tools they need to fend off a malware attack.
Similar to the LockBit operation, the FBI took down an international ransomware group called Hive in July 2022 and collected decryption keys for the computer networks it breached, conducting what officials called a “high-tech, 21st century cyber stakeout.” FBI agents then distributed the keys to the victims whose networks were blackmailed.
And in August, investigators took down a criminal network called the Qakbot botnet – a group of computers infected with a malware program used to carry out cyberattacks. Law enforcement gained access to the Qakbot infrastructure and “redirected” the cyber activity to servers controlled by US investigators, who were then able to inject the malware with a program that released the victim's computer from the botnet, freeing it from the malicious host.
Victims of LockBit attacks are encouraged to contact the FBI for further assistance.
More Robert Legare