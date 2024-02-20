



A coalition of international law enforcement agencies has disrupted one of the most destructive ransomware strains in recent history, Lockbit, which Cybercriminals often use it to attack American hospitals and schools. In one of the largest cybercrime takedowns to date, agencies from the United States, the United Kingdom and 12 other countries dismantled the Lockbits infrastructure and replaced its dark web site with a list of agency press releases and resources for victims. Brett Leatherman, deputy assistant director of the FBI's Cyber ​​Division, said at a press conference Tuesday that the takedown was several years in the making. Attorney General Merrick Garland said in a Video on YouTube Tuesday that the crackdown on Lockbits suppliers was taking the keys to their criminal operation. Ransomware is a type of cybercrime in which hackers use malicious software to encrypt a network of computers, usually belonging to a business or critical service, and demand a payment in cryptocurrency for a promise to fix the problem. Such attacks routinely cripple operations at US hospitals, public schools, businesses and police departments. The issue has become an epidemic, with victims sending their attackers a record $1 billion last year. While the world of cybercrime is awash with ransomware strains, Lockbit has been more prolific in recent years, in part because its developers offer it to virtually every cybercriminal, said Allan Liska, a ransomware analyst at cybersecurity firm Recorded Future. Anyone who pays to join is accepted with little or no vetting, he said. The lack of scruples helps explain why it is so often used to hack hospitals, he said. At least five suspected members of Operation Lockbit have been named or arrested as part of the crackdown. Two accomplices were arrested in Ukraine and Poland, respectivelyat the request of French law enforcement, says a Europol announcement. Many ransomware hackers are based in Russia, which has enabled a thriving cybercrime scene and does not extradite its citizens, frustrating authorities in the countries where victims live. Mikhail Matveev, a Russian national, is suspected to be a prolific ransomware affiliate currently based in Russia. FBI The Justice Department issued indictments against Russian nationals Artur Sungatov and Ivan Kondratyev, who have been named publicly for the first time, and said a suspected Russian cybercriminal, Mikhail Matveev, was also involved in Lockbit. Last year, the State Department offered one $10 million reward for information leading to his arrest. With those prime suspects still appearing to be free to operate in Russia, there is little doubt they could rebuild the Lockbits empire, said Don Smith, vice president of threat intelligence at cybersecurity company SecureWorks. I'm sure it won't take long to rebuild, but a big part of this operation is about eroding trust in the criminal ecosystem, he said.

