What we know about LockBit, the world’s ‘most harmful’ hacker group, now dismantled

– / AFP This photo published by the British National Crime Agency (NCA) in London on February 20 shows a screenshot of the “LockBit” site after it was taken down.

INTERNATIONAL – This is a major operation that will be a landmark in the fight against cybercrime. The LockBit hacker group, presented as the “most harmful” in the world, was dismantled during an international police operation, the authorities of several countries announced this Tuesday, February 20.

“After infiltrating the group’s network, the NCA (the British crime-fighting agency, Editor’s note) took control of LockBit’s services, compromising their entire criminal enterprise,” the agency said in a statement. “We hacked the hackers,” declared Graeme Biggar, its managing director, announcing the neutralization of LockBit in “Operation Cronos” at a press conference in London.

“This site is now under control of the police,” a message on the LockBit website now reads, specifying that the British NCA has taken control in cooperation with the American FBI and agencies from several countries.

HuffPost takes stock of this joint operation.

• How did LockBit work?

LockBit is described as one of the most active pieces of malware in the world, having claimed more than 2,500 victims worldwide. During its existence, its hackers were able to target critical infrastructure and large industrial groups, with ransom demands ranging from 5 to 70 million euros.

“It is estimated that ransomware accounts for a good quarter of attacks worldwide, with a predisposition to hitting Europe,” Jean-Philippe Lecouffe, Deputy Director of Operations at Europol, told Le Monde. He describes a group that was “very attractive” for hackers, because “all tools were provided”.

Unlike other groups, LockBit had become a real business, selling its services to other hackers in exchange for a percentage.

In November 2022, the US Department of Justice (DoJ) classified the LockBit ransomware among the “most active and most destructive variants in the world”.

• How did the hackers actually proceed?

The cybercriminals provided their “affiliates” with the tools and infrastructure needed to carry out attacks.

These attacks consisted of infecting the victim’s computer network in order to steal their data and encrypt their files.

A ransom was then demanded in cryptocurrency to decrypt and recover the data, under threat of publication of the victims’ data.

• How much money was LockBit able to raise?

The hacker group collected more than $120 million in ransom in total, according to the United States, where five people, including two Russian nationals, are being prosecuted.

In the United States alone, LockBit has carried out more than 1,700 attacks since 2020 for nearly $91 million in total ransoms, according to an American agency, reports franceinfo.

But according to the NCA, the ransomware caused losses that amount to billions of euros in total once the costs incurred by the victims are added to the ransoms.

• Who was affected in France?

Of the 2,500 LockBit victims, more than 200 are in France, “including hospitals, town halls, and companies of all sizes”, the Paris prosecutor’s office said in a statement. In 2023, the group notably attacked the hospitals of Corbeil-Essonnes and Versailles in the Paris region.

During the international Cronos operation, French investigators arrested “two targets in Poland and Ukraine” and carried out searches, according to the same source.

According to the Paris prosecutor’s office, the operation made it possible to “take control of a significant part of the LockBit ransomware infrastructure, including on the darknet”, and in particular the “wall of shame” “where the data of those who refused to pay the ransom were published”.

• What about Russia?

According to the head of the NCA, the investigations did not reveal any “direct support” of the Russian state towards LockBit, but nevertheless highlighted a “tolerance” towards cybercrime in Russia. “They are cybercriminals, they are based all over the world, there is a large concentration of these individuals in Russia and they often speak Russian,” he said.
