Lockbit cybercrime gang faces global takedown with indictments and arrests


FILE PHOTO: A screenshot taken on February 19, 2024 shows a take down notice that a group of global intelligence agencies issued to a dark web site called Lockbit. Handout via REUTERS/File Photo

LONDON/WASHINGTON (Reuters) - An international law enforcement operation led by Britain's National Crime Agency and the FBI has arrested and indicted members of the Lockbit ransomware gang, in an unprecedented police operation that has struck one of the world's most notorious cybercrime gangs.

The United States unsealed an indictment on Tuesday charging two Russian nationals with deploying Lockbit ransomware against companies and groups around the world, the Department of Justice announced.

The indictment was made public as the NCA, U.S. Department of Justice, FBI and Europol gathered in London to announce the disruption of the gang, which has targeted over 2,000 victims worldwide, received more than $120 million in ransom payments and demanded hundreds of millions of dollars, the DOJ said.

Britain's National Crime Agency Cyber Division, with the U.S. Department of Justice, the FBI and other law enforcement seized control of websites used by Lockbit in a rare international operation, the gang and U.S. and UK authorities said.

“We have taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems,” Graeme Biggar, director general of the National Crime Agency, told journalists.

The law enforcement operation, dubbed “Operation Cronos” was an international coalition of 10 countries, he said. “Together, we have arrested, indicted or sanctioned some of the perpetrators and we have gained unprecedented and comprehensive access to Lockbit’s systems”.

“As of today, Lockbit is effectively redundant,” he added. “Lockbit has been locked out”.

Obtained in New Jersey, the unsealed indictment charges Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with using Lockbit ransomware to target victims in manufacturing, logistics, insurance and other companies in five states and Puerto Rico, as well as in semiconductor and other industries around the world.

Additional criminal charges against Kondratyev were unsealed on Tuesday related to his use of ransomware in 2020 against a victim in California, the Justice department said.

In addition to the U.S. indictments, police in Poland and Ukraine also made two arrests, Europol Deputy Executive Director Operations Jean-Philippe Lecouffe told reporters.

“An unprecedented amount of data gathered from this investigation is now in the hands of law enforcement,” he said.

Lockbit and its affiliates have hacked some of the world’s largest organisations in recent months. The gang makes money by stealing sensitive data and threatening to leak it if victims fail to pay a ransom. Its affiliates are like-minded criminal groups that Lockbit recruits to wage attacks using its digital extortion tools.

Ransomware is malicious software that encrypts data. Lockbit makes money by coercing its targets into paying ransom to decrypt or unlock that data with a digital key.

Before it was taken down, Lockbit's website displayed an ever-growing gallery of victim organisations that was updated nearly daily. Next to their names were digital clocks that showed the number of days left to the deadline given to each organisation to provide ransom payment.

On Tuesday, the Lockbit leak website had been transformed by the NCA, FBI and Europol into a leak site about the criminal gang itself, onto which international police agencies published internal data from inside the group, and countdown clocks threatening to reveal upcoming sanctions and the identity of Lockbit’s ringleader, “LockbitSupp”.

A representative for Lockbit did not respond to messages from Reuters seeking comment but did post messages on an encrypted messaging app saying it had backup servers not affected by the law enforcement action.

(Reporting by James Pearson in London, Katharine Jackson in Washington and Karen Freifeld in New York; Editing by Lisa Shumaker)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Japan Airlines delays flights after cyberattack
Japan airlines experiencing issues due to cyberattack
The war on wildfires is going high-tech
Opinion: Why I’m getting rid of my smartwatch
How smartphones powered the AI boom in 2024
JAL's systems back to normal after cyberattack delayed flights
'Marvel Rivals' climbs gamer charts in win for NetEase, Disney
How Finnish youth learn to spot disinformation
Opinion: In sunny Tahoe, a hollow-eyed tech billionaire pretends to be normal
An Apple AI blunder messed up headline summaries so badly some want the feature pulled

Others Also Read