Hackers who targeted Royal Mail locked out of own site
A RUSSIA-LINKED cyber gang behind the hacking of Royal Mail has been locked out of its own website after a cyber raid led by Britain’s National Crime Agency (NCA) and the FBI.
Lockbit’s website was taken down late on Monday night and replaced with a notice that said it is now “under the control of law enforcement”.
Anyone trying to log into Lockbit’s website is now met with the message: “We may be in touch with you very soon. Have a nice day.”
Police investigators claimed to have broken into their IT systems, frozen 200 cryptocurrency accounts linked to the group and made multiple arrests.
The crackdown was a joint operation between the FBI, NCA and Europol to disrupt a hacking group that has targeted major businesses and extorted hundreds of millions of dollars.
More than a year ago Lockbit, a gang numbering in the hundreds, hacked Royal Mail and knocked out its international delivery service for weeks.
American prosecutors said Lockbit had extorted a total of $120m (£95m) from ransom victims in the US alone. Graeme Biggar, director general of the NCA, said: “As of today, Lockbit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity.”
Mr Biggar said that while a large number of the cyber criminals were based in Russia, the agencies had not seen evidence of state sponsored support. However, he said authorities there appeared to be turning a blind eye to the hacking gang.
Mr Biggar said: “There’s clearly some tolerance of cyber criminality within Russia. We have not seen the Russian authorities crack down and arrest the cyber criminals we know operate in their jurisdiction so we can read into that they tolerate that activity.”
Hundreds of people are thought to be in the gang. The NCA said they had identified a hierarchy. James Cleverly, the Home Secretary, said: “The NCA’S world-leading expertise has delivered a major blow to those behind the world’s most prolific ransomware strain.”
However, an alleged gang spokesman said backup servers remain operational.