



LONDON – The UK's National Crime Agency (NCA) announced on Tuesday that law enforcement had infiltrated and disrupted LockBit, a prolific ransomware syndicate behind cyberattacks around the world.

The agency said it led an international operation targeting LockBit, which offers ransomware as a service to so-called affiliates who infect victim networks with computer-destroying malware and negotiate ransom payments. The group has been implicated in thousands of attacks since 2019.

Hours before the announcement, the homepage of LockBit's site was replaced with the words “This site is now under the control of law enforcement,” along with the flags of the United Kingdom, United States, and several other countries.

A screenshot from February 19, 2024 shows a takedown notice issued by a group of global intelligence agencies to a dark website called LockBit. (Handout via Reuters)

The message said the website was under the control of the UK National Crime Agency, which was “working closely with the FBI and Operation Cronos, an international law enforcement force.”

The notice said it was an “ongoing and evolving operation” that involved agencies from Germany, France, Japan, Australia, New Zealand and Canada, as well as Europol.

LockBit, active since 2019, has been the costliest ransomware syndicate for the second year in a row. The group accounted for 23% of the roughly 4,000 attacks worldwide last year in which ransomware groups posted data stolen from victims and extorted payment, according to cybersecurity firm Palo Alto Networks.

In an unusually aggressive cyber operation for the UK crime agency, the operation aimed to steal all of LockBit's data and destroy its infrastructure, resulting in a “serious material deterioration” of the cybercrime threat.

In a Justice Department announcement, U.S. Attorney General Merrick Garland said, “For years, those associated with LockBit have repeatedly deployed these types of attacks across the United States and around the world. Currently, the U.S. and U.K. law enforcement agencies are key to their criminal activities.

“And we are going one step further. We have also obtained keys from the seized LockBit infrastructure to assist victims in decrypting their captured systems and regaining access to their data. LockBit is not the first ransomware variant that the Department of Justice and its international partners have dismantled, and it won't be the last.”

LockBit is controlled by Russian speakers and does not attack former Soviet Union countries. The syndicate provides clients with a platform and malware to carry out attacks and collect ransom money.

The group is said to be linked to attacks on Britain's Royal Mail, Britain's National Health Service, aircraft manufacturer Boeing, international law firm Allen & Overy, and China's largest bank, ICBC.

Last June, a U.S. federal government agency issued an advisory attributing approximately 1,700 ransomware attacks in the U.S. since 2020 to LockBit, saying victims included “local, county, and public high school education and K-12 schools, and emergency services.”

NCA officials called LockBit the “Instagram or Rolls Royce” of ransomware and said the aim of the operation was to discredit the syndicate and “obliterate its reputation”.

“An attack on a brand is just as important as an attack on infrastructure,” an NCA official said, adding that the aim of the operation was “to sow mistrust among all criminal users and shatter their trust.”

Ransomware is the most expensive and most destructive form of cybercrime, causing significant damage not only to businesses but also to local governments, court systems, hospitals and schools. Combating it is difficult because most gangs are based in former Soviet Union countries, beyond the reach of Western justice. Law enforcement has had some recent successes against ransomware gangs, most notably the FBI's operation against the Hive syndicate. But the criminals regroup and rebrand.

The UK's National Cyber Security Centre has previously warned that ransomware remains one of the biggest cyber threats facing the UK and urged people and organizations not to pay ransoms if they are targeted.

