In a major blow to global cybercrime, law enforcement agencies from the United States and the United Kingdom have teamed up to disrupt the operations of the LockBit ransomware group, one of the most active and prolific in the world. This joint effort, announced yesterday in London, involved seizing crucial infrastructure, charging individuals behind the attacks, and offering decryption assistance to victims worldwide.
Taking Down the LockBit Web
The joint operation successfully disabled multiple public-facing websites used by LockBit to connect with their infrastructure and control servers. This effectively choked off their ability to launch new attacks and communicate with victims, significantly disrupting their criminal enterprise.
Justice for Victims
US indictments have been unsealed, charging two Russian nationals, Artur Sungatov and Ivan Kondratyev (also known as Bassterlord), with deploying LockBit against numerous victims in the US and internationally. Sungatov is accused of targeting businesses across various industries, while Kondratyev allegedly focused on municipal and private entities. Additionally, Kondratyev faces separate charges for a ransomware attack using Sodinokibi (REvil) in California.
Helping Victims Regain Control
Recognizing the impact on victims, the UK National Crime Agency (NCA) and the FBI have collaborated to develop decryption tools that could potentially help hundreds of victims globally recover their encrypted data. Victims targeted by LockBit are encouraged to contact the FBI through a dedicated website (https://lockbitvictims.ic3.gov/) to determine if their systems can be decrypted.
A Strong Message to Cybercriminals
This coordinated takedown sends a clear message to cybercriminals: their activities will not go unchecked. US Attorney General Merrick B. Garland declared this operation a significant blow to LockBit and a warning to other ransomware groups. He emphasized the Justice Department's unwavering commitment to dismantling such criminal enterprises, working alongside international partners to uphold cybersecurity and protect victims. “Today, the FBI and our partners have successfully disrupted the LockBit criminal ecosystem, which represents one of the most prolific ransomware variants across the globe,” said FBI Director Christopher A. Wray. “Through years of innovative investigative work, the FBI and our partners have significantly degraded the capabilities of those hackers responsible for launching crippling ransomware attacks against critical infrastructure and other public and private organizations around the world. This operation demonstrates both our capability and commitment to defend our nation's cybersecurity and national security from any malicious actor who seeks to impact our way of life. We will continue to work with our domestic and international allies to identify, disrupt, and deter cyber threats, and to hold the perpetrators accountable.”
The LockBit Threat
LockBit was not just another ransomware group; it was a global menace. LockBit software gains initial access to computer systems using purchased access, unpatched vulnerabilities, insider access, and zero-day exploits, in the same way as other malware. LockBit then takes control of the infected system, collects network information, and steals and encrypts data.
Since its emergence in 2019, it has targeted over 2,000 victims across various sectors, including critical infrastructure, businesses, government agencies, healthcare and education sectors. Their attacks have been particularly devastating, employing a "double extortion" tactic where they not only encrypt victim data but also steal it, threatening to leak it publicly if ransom demands are not met. This has resulted in significant financial losses and operational disruptions for victims, with LockBit amassing over $120 million in ransom payments alone.
