Ransomware Network LockBit Seized And Repurposed To Expose Hackers

Author: Daniel Barrett, Feb 21, 2024
Ransomware network LockBit seized and repurposed to expose hackers. The UK's National Crime Agency has disclosed that law enforcement now holds the complete "command and control" infrastructure of the ransomware group LockBit. This comes after the agency seized the criminal gang's website in a coordinated global operation.
Four arrests have already been made as a result of the flood of hacked data retrieved from the hackers. Authorities pledged on Tuesday to utilize the technology to unveil the operations of the group to the public.
The collaborative effort involving the NCA, FBI, Europol, and a coalition of international police agencies was unveiled through a post on LockBit's website. The message stated: "This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement taskforce Operation Cronos."
According to Europol, two individuals associated with LockBit were apprehended in Poland and Ukraine, while two others, believed to be affiliates, were arrested and charged in the US. Additionally, two Russian nationals, still at large, have been identified. Furthermore, authorities have frozen over 200 cryptocurrency accounts associated with the criminal organization.
The extent of disruption to the LockBit operation is much larger than initially disclosed. In addition to gaining control of the public-facing website, the NCA confiscated LockBit's main administration environment - the infrastructure crucial for managing and deploying the technology used to extort businesses and individuals globally.
"Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems. As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity." - Graeme Biggar, Director General of the NCA
LockBit is at the forefront of the "ransomware as a service" model, wherein it delegates target selection and attacks to a network of semi-independent "affiliates," furnishing them with tools and infrastructure while earning a commission on the ransoms collected in return.
In addition to traditional ransomware tactics, which involve encrypting data on compromised devices and demanding payment for decryption keys, LockBit also engaged in data exfiltration. The group copied stolen data and threatened to release it unless the ransom was paid, pledging to delete the copies upon receiving payment.
However, the NCA revealed that this promise was deceptive. Investigators found that some of the data on LockBit's systems belonged to victims who had already paid the ransom.
Home Secretary James Cleverly remarked, "The NCA’s world-leading expertise has delivered a major blow to the people behind the most prolific ransomware strain in the world."
"The criminals running LockBit are sophisticated and highly organised, but they have not been able to escape the arm of UK law enforcement and our international partners."
The "hack back" campaign also retrieved over 1,000 decryption keys designated for LockBit attack victims. Authorities will reach out to these victims to assist them in recovering their encrypted data.
In a blog post last month, Ciaran Martin, former head of the National Cybersecurity Centre, highlighted the challenges posed by the involvement of Russian hackers in cybercrime, undermining many standard law enforcement tactics. "Impose costs when we can: there are things we can do to harass and harry cybercriminals," he warned. "But this will not be a strategic solution for as long as the Russia safe haven exists."