In a significant breakthrough in the fight against cybercrime, law enforcement authorities from 10 countries have dealt a serious blow to the cybercriminal group LockBit, Europol reports. Arrests have also been made on Polish territory. However, this success does not mean the group has been totally neutralized, say experts from Check Point Research.
LockBit is widely acknowledged as the most versatile and damaging ransomware in the world, causing damage worth billions of euros. The coordinated police action was the result of a complex investigation led by the UK’s National Crime Agency as part of an international task force known as “Operation Cronos,” coordinated at the European level by Europol and Eurojust.
A months-long operation led to the breach of LockBit’s main platform and other critical infrastructure that enabled the group’s criminal enterprise. This includes the shutdown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States, and the United Kingdom.
At the request of French judicial authorities, two people connected to LockBit were arrested in Poland and Ukraine. French and American judicial authorities also issued three international arrest warrants and five indictments. Over 200 cryptocurrency accounts associated with organization members were frozen in the operation.
“LockBit is having a rough time. The group was recently removed from two Russian underground forums dedicated to cybercrime due to questionable operational ethics, while recent actions by British and US authorities will hamper LockBit’s ability to recruit and maintain partners. On the other hand, gangs dealing with ransomware software are incredibly resilient and the group may reappear under a different banner in the near future. The threat from LockBit and other groups dealing with ransomware continues, so organizations must continue to be extremely vigilant,” comments Sergey Shykevich, Threat Analysis Group Manager at Check Point Software Technologies.
LockBit operates almost worldwide, with hundreds of partners recruited to conduct ransomware operations using LockBit’s tools and infrastructure. Ransom payments were divided between the main LockBit team and the affiliated entities, which received on average three-quarters of the collected ransoms.
The ransomware group is also known for experimenting with new methods of pressuring victims into paying a ransom. One of these methods is triple extortion, which combines the traditional methods of encrypting the victim’s data and threatening to leak it with Distributed Denial-of-Service (DDoS) attacks as an additional layer of pressure.
Source: Europol, Check Point Research