As a result of this operation, two individuals associated with LockBit have been apprehended in Poland and Ukraine, while two others, believed to be affiliates, have been arrested and charged in the US. However, two additional suspects, identified as Russian nationals, remain at large. Furthermore, authorities have taken action by freezing over 200 cryptocurrency accounts linked to the criminal organization.
Graeme Biggar, the NCA’s director general, stated, “Through our close collaboration, we’ve infiltrated the hackers’ systems, seized their source code, and acquired keys to assist victims in decrypting their systems. LockBit has effectively been shut down. We’ve significantly weakened the group’s capability and credibility, which relied on secrecy and anonymity.”
LockBit is known for pioneering the “ransomware as a service” model, outsourcing target selection and attacks to semi-independent “affiliates” while taking a commission on ransoms.
Apart from encrypting data and demanding payment for decryption keys, LockBit also threatened to publish stolen data if ransoms were not paid, falsely promising to delete copies upon receipt of payment. However, the NCA discovered that some victims’ data remained on LockBit’s systems even after ransom payments were made.
Home Secretary James Cleverly commented, “The NCA’s exceptional expertise has dealt a significant blow to the individuals behind one of the most widespread ransomware strains worldwide.”
In a recent blog post, Ciaran Martin, the former head of the National Cyber Security Centre, emphasized that the presence of Russian hackers in cybercrime undermines conventional law enforcement strategies. He advised taking action to disrupt cyber criminals whenever possible but cautioned that this approach is not a long-term solution as long as Russia continues to provide a haven for them.