These cybercriminals have been responsible for at least 1,700 attacks since 2020. Its main site is now offline, targeted by a coordinated police operation from 11 countries, including France.
This is the ransomware group “The most fertile and dangerous in the world”, according to Europol. First discovered in 2019, Russian-speaking hacker group Lockbit reportedly collected a total of $91 million in ransom. Its main site was taken down by law enforcement on February 19 during Operation Chronos, an operation led by 11 countries including the United Kingdom, the United States, Japan, Germany and France.
“This site is now under police control”The British Organized Crime Agency (NCA) is in charge, with the cooperation of several countries' agencies, including Europol, the American FBI and the National Gendarmerie's Unit National Cyber, says a news release on the home page. .
In France, the group targeted the Corbail-Essonnes hospital in 2022, demanding $1 million not to release its sensitive information. Among the other victims: La Poste Mobile, the Loiret department or a branch of the Thales group, presided over his murder.
Two arrested in Poland and Ukraine
Europol explains in a Report want “disrupted Lockbit's criminal activities at all levels and severely damaged their competence and credibility”. International Police Organization a “Surgery lasting several months” By taking down 34 servers in several countries and arresting two players in the group, “Arrested at the request of French judicial authorities” In Poland and Ukraine.
Three international arrest warrants and five indictments were also issued by French and US authorities. More than 200 cryptocurrency wallets and 14,000 accounts linked to LockBit have been disabled. “unauthorized” Closed.
British officials say A statement After obtaining the source code of the Lockbit platform, it announced that it had taken control of the software that allowed Lockbit affiliates to carry out their attacks, as well as detailed information about the group.
On their main site, hackers have installed “Wall of Shame”There they published the names of the victims, revealed the ransom and published the stolen data.
group “Very active and destructive”
The hacker group specializes in attacks “ransomware” (Ransomware). It infiltrates the system, encrypts and intercepts data, and demands a ransom for non-disclosure. If the victim does not pay the required amount, all the files will be put online or resold. In November 2022, the US Department of Justice called LockBit ransomware “The Most Active and Destructive Variations in the World”. In France, the group accounted for 27% of ransom demands in 2022 and 2023 and the National Information Systems Security Agency (Anssi) processed 69 hacks attributed to it.
Read moreCybersecurity: Record Year of Ransomware Hunts Global Enterprises
These hackers are used to target critical infrastructure and large industrial groups, with ransom demands ranging from 5 to 70 million euros. Abroad, Lockbit notably attacked Royal Mail (British Post Office), German automobile supplier Continental, California administration and American sandwich chain Subway in 2023.
Touched but not removed
However, be careful not to declare success too quickly: At X (formerly Twitter), malware experts vx-underground Note that “Law enforcement authorities have reportedly seized or destroyed at least 22 sites linked to Lockbit”. Even if their main site is offline, LockBit's ransomware operations may continue and other sub-sites may still be accessible.
There are said to be many hacker groups “removed” In recent years and rapidly reappearing. If one head is cut off, others grow quickly. Especially since some of these pirates often live in Russia, where they are safe from police forces looking for them. Others are hackers “affiliates”, independently, users of the Lockbit software pay them a percentage of the ransom received. So they are very difficult to identify and can live anywhere in the world.
The media spotlight, sting operations and notoriety that Lockbit enjoys today in the world of cybercrime “Turned into a veritable criminal enterprise whose executives, software, commerce and communications services are hired by hackers”As with other groups, in detail By specialized media Numerama. In a joint note, cybercrime agencies noted that LockBit was responsible for 16% to 27% of ransom demands, depending on the country.
Currently, “The vast amount of data collected throughout the investigation is now in the possession of law enforcement”, notes Europol. To help Lockbit victims, officials in countries involved in Operation Chronos have provided decryption tools to recover data corrupted by the attacks. They are available on the portal No more ransom.
“Alcohol enthusiast. Twitter ninja. Tv lover. Falls down a lot. Hipster-friendly coffee geek.”