Cybercrime: International investigators dismantle ransomware hacking group

Cybercrime
International investigators dismantle ransomware hacking group

International investigators say they have dismantled a hacker gang that is said to have extorted ransom money by stealing sensitive data. A spokesman for the National Crime Agency (NCA) confirmed the broadcaster Sky News the operation is ongoing. “More information” was announced for 12:30 p.m. (CET).

The Lockbit group’s website said: “This website is now under the control of the United Kingdom’s National Crime Agency, which works closely with the FBI and the international law enforcement task force Operation Cronos.” The British TV channel Sky News reported that a Lockbit representative said via an encrypted messaging app that the group had backup servers that were not affected by law enforcement.

The international operation was a joint operation with Europol and law enforcement agencies from Germany, France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands and Finland.

Software “most commonly used ransomware variant worldwide”

Last year, the British cybersecurity authority NCSC and its partners warned that Lockbit posed a “permanent threat.” The software was the “most frequently used ransomware variant worldwide” in 2022 and “continues to be productive so far” in 2023, the BBC quoted the authority as saying.

Lockbit is said to have been involved in high-profile hacker attacks, including on the postal service provider Royal Mail in Great Britain in early 2023. In the USA, the group is accused of attacks on more than 1,700 organizations from several industries.

According to media reports, Lockbit was discovered in 2020. At that time, the software appeared in Russian-language forums, which is why some analysts assume that the group came from Russia. On its darknet website, which is now controlled by the authorities, the group listed its headquarters as the Netherlands and emphasized that it was apolitical and only interested in money.

dpa