– / AFP
This photo released in London on February 20 by Britain's National Crime Agency (NCA) shows a screenshot of the LockBit website after it was taken down.
INTERNATIONAL – This is a major operation that will represent a milestone in the fight against cybercrime. The LockBit hacker group, considered “the most harmful” in the world, has been dismantled as part of an international police operation, authorities in several countries said on Tuesday, February 20.
“After infiltrating the group’s network, the NCA took control of LockBit’s services, putting its entire criminal enterprise at risk,” the agency said in a statement. “We hacked the hackers,” said Graeme Biggar, its chief executive, announcing the neutralization of LockBit during “Operation Cronos” during a press conference in London.
You cannot view this content because:
- By subscribing, you have opted out of cookies related to third-party content. You will therefore not be able to play our videos, which require third-party cookies to function.
- You are using an ad blocker. We recommend you disable it to access our videos.
If neither of these two cases apply to you, contact us at [email protected].
“This website is now under the control of law enforcement,” a message on the LockBit website now says, saying that the British NCA has taken control in collaboration with the American FBI and authorities from several countries.
You cannot view this content because:
- By subscribing, you have opted out of cookies related to third-party content. You will therefore not be able to play our videos, which require third-party cookies to function.
- You are using an ad blocker. We recommend you disable it to access our videos.
If neither of these two cases apply to you, contact us at [email protected].
HuffPost takes stock of this joint effort.
• How did LockBit work?
LockBit is considered one of the most active malware in the world and has already claimed more than 2,500 victims worldwide. Over the course of its existence, the hackers were able to specifically attack critical infrastructure and large industrial groups and demand ransoms of between 5 and 70 million euros.
“According to estimates, it is ransomware that accounts for a good quarter of attacks worldwide and can affect Europe,” emphasizes Jean-Philippe Lecouffe, deputy head of operations at Europol, to Le Monde. He describes a group that is “very attractive” to hackers because “all the tools have been made available.”
Unlike other groups, LockBit had become a real company that sold its services to other hackers in exchange for a percentage.
In November 2022, the US Department of Justice (DoJ) described LockBit ransomware as “the most active and destructive variant in the world.”
• How did the hackers actually do it?
Cybercriminals provided their “partners” with tools and infrastructure that enabled them to carry out attacks.
These consisted of infecting the victims' computer network to steal their data and encrypt their files.
A cryptocurrency ransom was then demanded to decrypt and restore the data, under threat of publishing the victims' data.
• How much money was LockBit able to raise?
According to the US, where five people, including two Russian nationals, are being prosecuted, the hacking group has stolen a total of more than $120 million in ransom money.
According to an American agency, LockBit has carried out more than 1,700 attacks in the United States alone since 2020, demanding a total of almost $91 million in ransoms, franceinfo reports.
However, according to the NCA, the ransomware caused losses totaling billions of euros when costs incurred by victims are added to the ransoms.
• Who was affected in France?
Of the 2,500 LockBit victims, more than 200 are in France, “including hospitals, town halls and companies of all sizes,” the Paris prosecutor's office said in a press release. In 2023, the group notably attacked the Corbeil-Essonnes and Versailles hospitals in the Paris region.
During the international Cronos operation, French investigators arrested and conducted searches on “two targets in Poland and Ukraine,” according to the same source.
The operation, according to the Paris prosecutor's office, made it possible to “take control of a significant part of the LockBit ransomware infrastructure, including on the darknet”, and in particular over the “Wall of Shame” where the data of those who were exposed was stored refused to pay the ransom were published.
You cannot view this content because:
- By subscribing, you have opted out of cookies related to third-party content. You will therefore not be able to play our videos, which require third-party cookies to function.
- You are using an ad blocker. We recommend you disable it to access our videos.
If neither of these two cases apply to you, contact us at [email protected].
• What about Russia?
According to the head of the NCA, the investigation did not reveal any “direct support” from the Russian state towards LockBit, but still showed a “tolerance” towards cybercrime in Russia. “They are cybercriminals, they are based all over the world, there is a large concentration of these individuals in Russia and they often speak Russian,” he said.
See also on HuffPost:
You cannot view this content because:
- By subscribing, you have opted out of cookies related to third-party content. You will therefore not be able to play our videos, which require third-party cookies to function.
- You are using an ad blocker. We recommend you disable it to access our videos.
If neither of these two cases apply to you, contact us at [email protected].