UK and U.S. collaborate to target LockBit cybercrime syndicate

NCA, FBI, and Europol seize LockBit’s infrastructure and arrest suspects globally. The disruption goes beyond initial reports, crippling LockBit.

A coordinated law enforcement effort led by the UK’s National Crime Agency (NCA) has successfully seized the “command and control” infrastructure of the LockBit ransomware group. This operation involved collaboration between the NCA, the FBI, Europol, and various international police agencies. LockBit’s website now displays a message indicating its takeover by the NCA, FBI, and Operation Cronos, an international law enforcement task force.

As a result of this operation, two individuals associated with LockBit have been apprehended in Poland and Ukraine, while two others, believed to be affiliates, have been arrested and charged in the US. However, two additional suspects, identified as Russian nationals, remain at large. Furthermore, authorities have taken action by freezing over 200 cryptocurrency accounts linked to the criminal organization.

The NCA disclosed that the extent of the disruption to the LockBit operation exceeds initial reports. In addition to gaining control of the public-facing website, the agency seized LockBit’s primary administration environment, the infrastructure used to manage and deploy the hacking technology for extorting businesses and individuals globally.

Graeme Biggar, the NCA’s director general, stated, “Through our close collaboration, we’ve infiltrated the hackers’ systems, seized their source code, and acquired keys to assist victims in decrypting their systems. LockBit has effectively been shut down. We’ve significantly weakened the group’s capability and credibility, which relied on secrecy and anonymity.”

LockBit is known for pioneering the “ransomware as a service” model, outsourcing target selection and attacks to semi-independent “affiliates” while taking a commission on ransoms.
Apart from encrypting data and demanding payment for decryption keys, LockBit also threatened to publish stolen data if ransoms were not paid, falsely promising to delete copies upon receipt of payment. However, the NCA discovered that some victims’ data remained on LockBit’s systems even after ransom payments were made.

Home Secretary James Cleverly commented, “The NCA’s exceptional expertise has dealt a significant blow to the individuals behind one of the most widespread ransomware strains worldwide.”

In a recent blog post, Ciaran Martin, the former head of the National Cyber Security Centre, emphasized that the presence of Russian hackers in cybercrime undermines conventional law enforcement strategies. He advised taking action to disrupt cyber criminals whenever possible but cautioned that this approach is not a long-term solution as long as Russia continues to provide a haven for them.