Global police take down ransomware organization
A notorious cybercrime organization that extorts victims’ data has been disrupted by a collaboration of international law enforcement agencies.
The operation was carried out by the United Kingdom’s National Crime Agency, the United States’ Federal Bureau of Investigation, the European Union Agency for Law Enforcement Cooperation and a coalition of international police agencies, said a statement posted on Monday on the extortion website of LockBit, a cybercriminal organization known for developing and distributing ransomware.
“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the post said.
Spokespersons for the National Crime Agency and the US’ Department of Justice verified that the gang had been disrupted and the operation was “ongoing and developing”, Reuters reported.
Law enforcement agencies from Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden and Switzerland collaborated in the international police operation.
‘Foremost’ threat
Authorities in the US, where LockBit has targeted more than 1,700 organizations across a wide range of industries, have labeled the group as the foremost ransomware threat globally. Organizations targeted have been from sectors including financial services, food, schools, transportation and government departments.
LockBit’s revenue model relies on pilfering sensitive data and coercing companies to pay a ransom under the threat of information being exposed.
It first surfaced in 2020 when its malicious software appeared on Russian language cybercrime forums, prompting some security analysts to speculate that the gang originates from Russia. Despite this association, LockBit has not openly aligned with any government, and no governments have officially linked it to any specific country.
Jon DiMaggio, chief security strategist at US cybersecurity company Analyst1, told Reuters that LockBit is “the Walmart of ransomware groups”.
“They run it like a business — that’s what makes them different. They are arguably the biggest ransomware crew today,” DiMaggio said.
Don Smith, vice-president of Secureworks, a division of Dell Technologies, told Reuters that LockBit is the most prolific and dominant ransomware operator in the market.
“LockBit had a 25 percent share of the ransomware market. Their nearest rival was BlackCat at around 8.5 percent, and after that it really starts to fragment,” Smith said.