The UK’s National Crime Agency has revealed that the entire “command and control” apparatus of ransomware group LockBit is now in the hands of law enforcement, after the agency seized the criminal organization’s website in an internationally coordinated operation.
A trove of data hacked from the hackers has already led to four arrests, and authorities vowed on Tuesday to reuse the technology to expose the group’s activities to the world.
The joint operation by the NCA, FBI, Europol and an international coalition of law enforcement agencies was revealed in a post on LockBit’s own website: “This site is currently under the control of the UK National Crime Agency, working closely with the FBI and international law enforcement agency Operation Kronos.”
Europol announced that two people associated with LockBit were arrested in Poland and Ukraine, and that two defendants believed to be linked to the group were arrested and charged in the United States. Two more people, both Russian nationals, have been named and remain at large. Authorities also froze more than 200 cryptocurrency accounts associated with the criminal organization.
The disruption to LockBit’s operation is much greater than it first appeared. The NCA seized control not only of the public website but also of LockBit’s primary administrative environment, the infrastructure that allowed it to manage and deploy the technology it used to extort companies and individuals around the world.
“Through close collaboration, we hacked the hackers. We took control of the infrastructure, seized the source code and obtained keys to help victims decrypt their systems,” said NCA Director General Graeme Biggar.
“As of today, LockBit is locked out. We have undermined the ability of a group that relied on secrecy and anonymity, and most importantly its credibility.”
The organization pioneered the “ransomware-as-a-service” model, outsourcing target selection and attacks to a network of semi-independent “affiliates”, providing them with the tools and infrastructure and receiving ransom fees in return.
While ransomware typically works by encrypting data on an infected machine and demanding payment for the decryption key, LockBit also copied the data and threatened to release it publicly if the fee was not paid, promising to delete the copies once the ransom was received.
However, the NCA said that promise was false. Some of the data found on LockBit’s systems belonged to victims who paid the ransom.
Home Secretary James Cleverly said: “NCA’s world-leading expertise has delivered a huge blow to those behind the world’s most prolific ransomware.”
“The criminals operating LockBit are sophisticated and highly organized, but they have not escaped the clutches of UK law enforcement and our international partners.”
The “hack back” operation also recovered more than 1,000 decryption keys intended for victims of LockBit’s attacks, and authorities plan to contact those victims to help them recover their encrypted data.
Ciaran Martin, former director of the National Cyber Security Centre, said in a blog post last month that Russian hackers’ involvement in cybercrime undermines many of the common tactics of law enforcement. “Impose costs where you can. There are things you can do to harass and harass cybercriminals,” he warned. “But as long as Russian safe havens exist, this will not be a strategic solution.”