This malicious ransomware variant has been deployed by criminal hackers to extort tens of millions of dollars from victims around the world, from global banks to local schools. It is widely believed to be manipulated by Russia.
Two people were arrested on Tuesday morning in Poland and Ukraine as part of the joint operation, and more than 200 cryptocurrency accounts were frozen, the NCA said in a statement. In the United States, the Department of Justice announced criminal charges against two Russian individuals for using LockBit to carry out ransomware attacks. Both men were said to be in custody in the United States.
In a statement, NCA chief Graeme Biggar described LockBit as the world’s “most harmful cybercriminal group”. “Through close cooperation, we hacked the hackers. We took control of the infrastructure, seized the source code, and obtained keys to help victims decrypt their systems. As of today, LockBit are locked out.”
British law enforcement authorities announced that they had obtained more than 1,000 “decryption keys” that could be used to recover victims’ stolen data, discovered extensive infrastructure deployed by LockBit and its 28 affiliates to steal that data, and seized a server belonging to .
The NCA has revealed details of an international subversive operation targeting LockBit, the world’s most harmful cybercrime group.
Watch our video to learn more about Lockbit and why this is a major step in the collective fight against cybercrime. pic.twitter.com/m00VFWkR9Z
— National Crime Agency (NCA) (@NCA_UK) February 20, 2024
The first signs of this news appeared late Monday, when a notice was posted on LockBit’s website stating: “This site is currently under the control of the UK National Crime Agency, working closely with the FBI and international law enforcement task force Operation Cronos.”
Criminals use LockBit ransomware to hack into targeted organizations’ internal databases, extract sensitive data, and attempt to extort money from victims. According to the Department of Justice, this malicious software was used to extort ransom payments of more than $120 million from more than 2,000 victims. According to the U.S. Cybersecurity and Infrastructure Security Agency, it became the most commonly deployed ransomware in the world in 2022.
“Many would argue that LockBit is one of the most significant ransomware threats and the most prolific group today,” Jason Nurse, a cybersecurity expert at the University of Kent in the UK, said in an email on Tuesday. “These groups are well-funded, run like businesses, and are very cautious in their approach,” he added, calling the raids significant.
US authorities classify LockBit as a “ransomware-as-a-service” model. This means providing third-party criminals with access to the group’s ransomware variants in exchange for a one-time fee or ongoing payments. “This has significantly increased the scale of LockBit attacks and made them very frequent,” Nurse said.
According to the FBI, the tool has been used in more than 1,700 cyberattacks in the United States, with targets ranging from local schools to global aerospace giants.
Nurse said LockBit’s creators appear to be using malware to compromise systems and demand ransoms for financial gain. “If payment is not made, the group threatens to publish the stolen data on a leaked website, a tactic known as double extortion,” he said. Reuters reported in November that LockBit released data stolen from Boeing following a ransomware attack that the company confirmed.
In the same month, LockBit launched a ransomware attack against the financial services division of ICBC, a major Chinese bank, which shook financial markets in an unusual attack targeting the banking sector. The tool was also used to disrupt the UK postal service last year, disrupting international parcel exports for a week.
In 2022, LockBit announced that its ransomware was used to target a children’s hospital and apologized. The group reportedly provided hospitals with decryption tools to unlock their systems and issued policy guidance prohibiting criminals from using its software in attacks where “damage to files can lead to death.”
British law enforcement agencies have previously warned against focusing too much on tackling individual ransomware variants, likening the strategy to a game of whack-a-mole. “On the surface, the attack could be attributed to ransomware (such as Lockbit), but the reality is more nuanced as there are numerous cybercriminals involved throughout the process,” the agency said. Blocking individual ransomware variants “is akin to treating the symptoms of a disease, with limited effectiveness unless the underlying disease is addressed,” it said.
Nurse said the broader impact of Operation Cronos to dismantle LockBit’s criminal activities will depend on whether law enforcement is also successful in seizing source code, victim details and chats between affiliated companies.
“Assuming this is the case, this group and its related organizations may disband their activities,” he said.