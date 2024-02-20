



CNN —

The FBI and its international allies have seized a dark website used by the world's most damaging ransomware crime syndicate to blackmail victims, according to messages on the website viewed by CNN.

This is a blow to the immediate operations of the multinational ransomware gang known as LockBit, which poses a threat to organizations around the world, including healthcare providers in the United States. Hackers claimed credit for a ransomware attack in November that forced New Jersey-based Capital Health to cancel some patient appointments.

LockBit also claimed responsibility for ransomware attacks against Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months.

"We can confirm that LockBit's services have been suspended as a result of the actions of international law enforcement agencies. This is an ongoing and evolving operation," said a message posted on the hackers' website on Monday, alongside seals from the FBI, the UK's National Crime Agency (NCA) and many other law enforcement agencies from Australia to Germany.

On Tuesday morning, US and UK authorities revealed the full extent of their crackdown on LockBit. The NCA and FBI say they have developed software that allows hundreds of victims around the world to unlock computers locked by the hackers. The U.S. Department of Justice also announced the indictment of two Russian men for deploying LockBit ransomware against victim organizations across the United States, including an unnamed manufacturing company.

The Justice Department said in a statement that LockBit targeted more than 2,000 victims and received more than $120 million in ransom payments.

The NCA's statement suggests a long-term intrusion into LockBit that allowed law enforcement to obtain the hackers' source code and secret parts of the software programs that make it work.

Taking over a ransomware group's dark web site forces the cybercriminals to set up new computer infrastructure in order to blackmail their victims. It could also indicate that law enforcement has deeper access to the hackers' network. In another operation against a ransomware gang announced a year ago, the FBI said it had access to decryption software that saved victims about $130 million in ransom payments.

Analysts believe LockBit has members and criminal partners in Eastern Europe, Russia and China. Like other cash-stealing ransomware groups, LockBit rents out its ransomware to affiliates, who use the malicious code in attacks and receive a portion of the ransoms paid by victims.

Private experts say LockBit's ransomware has spread far more rapidly than other ransomware variants over the last year. Don Smith, vice president of threat research at cybersecurity firm Secureworks, said LockBit accounts for a quarter of the ransomware market, based on victim information posted online by hackers.

Government agencies and private investigators around the world will be scrutinizing LockBit's next move. Well-resourced ransomware groups rebuild computer infrastructure after being disrupted by law enforcement and often rename hacking tools to limit reputational damage in the criminal underworld.

The operation is the latest move in a years-long battle between the FBI and its allies around the world and ransomware gangs, often based in Eastern Europe and Russia.

While law enforcement has made notable arrests and seized millions of dollars worth of ransoms, the ransomware economy continues to thrive.

Cryptocurrency tracking firm Chainalysis estimates that cybercriminal organizations collected $1.1 billion in ransom payments from victim organizations around the world last year, despite efforts by the U.S. government to cut off their financial flows.

Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told CNN that because key members of the LockBit group are based in Russia, the likelihood that they will be arrested as part of this operation is low.

Nevertheless, the seizure of LockBit's website by law enforcement will have a significant, if short-term, impact on the ransomware ecosystem, meaning attacks will slow down, Liska said.

LockBit has also developed a reputation as one of the most ruthless ransomware operators, encouraging its affiliates to target hospitals and schools, he added. "My hope is that these sectors can get a little room to build their defenses."

This story has been updated with additional information.

