The FBI and other agencies have disrupted a ransomware syndicate, known as LockBit, that was behind a series of global cyberattacks that extracted at least $120 million, according to the United Kingdom’s National Crime Agency (NCA).
“Today, after infiltrating the group’s network, the NCA has taken control of LockBit’s services, compromising their entire criminal enterprise,” according to an NCA press release, adding that the syndicate’s attacks have “targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery.”
The law enforcement agencies also took two people into custody — one from Poland and the other from Ukraine, The Associated Press reported. The Justice Department unsealed indictments against two others, per the AP, which were both Russian nationals.
The group provided ransomware to a global network of hackers and “affiliates” by supplying the tool and infrastructure needed to carry out such cyberattacks, according to the release.
“When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted,” according to the release. “A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published.”
NCA Director General Graeme Biggar called the agency’s investigation with other international partners “a ground-breaking disruption of the world’s most harmful cyber crime group.”
“Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” Biggar said in the release.
“As of today, LockBit are locked out,” he continued. “We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity.”
U.S. Attorney General Merrick Garland also said that law enforcement from the U.S. and the U.K. “are taking away the keys to their criminal operation.”
“And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data,” Garland said, according to the release. “LockBit is not the first ransomware variant the U.S. Justice Department and its international partners have dismantled. It will not be the last.”
The front page of LockBit’s site was replaced — hours before the announcement was made — with “this site is now under control of law enforcement,” alongside the flags of the U.K., the U.S. and other nations, AP reported.
The Associated Press contributed reporting.