The Lockbit cybercrime gang has been dismantled by Britain, the US, the EU, and their allies.

Lockbit, a well-known cybercriminal group that demands ransom for stolen data, has been thwarted in a unique global law enforcement operation by the UK’s National Crime Agency, the US’s Federal Bureau of Investigation, Europol, and a coalition of international law enforcement agencies, according to a statement posted on the gang’s extortion website on Monday.

The website is now under the control of the National Crime Agency of the United Kingdom, working in collaboration with the FBI and the global law enforcement initiative ‘Operation Cronos’, according to the statement.

A representative from the NCA confirmed that the agency has disrupted the gang and said the operation is ongoing and still developing.

A spokesperson for Lockbit did not reply to requests for comment from Reuters, but did state on an encrypted messaging platform that they have backup servers that were not impacted by the law enforcement operation.

The U.S. Department of Justice and the FBI have not yet responded to requests for comment.

The post listed additional police organizations from various countries including France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.

In recent months, Lockbit and its affiliates have breached several major organizations worldwide. The group profits by stealing confidential information and demanding a large ransom in exchange for not releasing it. Its affiliates are similar criminal groups that Lockbit enlists to carry out attacks using Lockbit’s digital extortion tactics.

Lockbit is a type of ransomware: it encrypts a victim’s data with a digital key and demands payment to decrypt or unlock it.

Lockbit was uncovered in 2020, when the malicious program that shares its name was detected on Russian-language cybercrime forums, leading some security experts to speculate that the group originates from Russia.

The group has not declared allegiance to any government, and no government has officially linked it to a specific nation. On a previous dark web platform that is no longer active, the gang stated that it was based in the Netherlands, had no political affiliation, and was solely focused on financial gain.

According to Jon DiMaggio, chief security strategist at the U.S.-based cybersecurity firm Analyst1, the group operates like a business and is often compared to Walmart in the world of ransomware. It is currently considered one of the largest ransomware organizations.

Authorities in the US, where Lockbit has targeted over 1,700 companies in a wide range of sectors such as finance, food, education, transportation, and government agencies, have labeled the group as the most significant ransomware danger globally.

Last November, Lockbit released confidential information from Boeing, a major defense and aerospace company. In early 2023, Britain’s Royal Mail experienced significant disruption due to an attack by the same group.

Vx-underground, a website focused on cybersecurity research, reported that Lockbit claimed in a statement shared on Tox, a secure messaging app, that the FBI targeted its servers that run on PHP. The statement, which Reuters was unable to confirm, also said the group has backup servers that do not use PHP and have not been affected.

On the platform formerly known as Twitter, vx-underground posted images displaying the control panel utilized by affiliates of Lockbit to initiate attacks. However, this panel had been substituted with a message from law enforcement stating, “We possess the source code, information on the victims you have targeted, the ransom amount demanded, the data obtained, conversations, and a plethora of other details.”

“We will contact you soon,” the message stated. “Have a great day.”

Prior to being removed, the Lockbit website featured a continuously expanding collection of targeted companies, which was regularly updated. Beside the names of these organizations were electronic timers indicating the remaining time until their deadline for paying the ransom.

On Monday, Lockbit’s website showed a comparable timer, but this time it had been placed there by the authorities who had breached the hackers. The post stated, “Come back on Tuesday, February 20th at 11:30 GMT for further updates.”

Don Smith, the vice president of Secureworks, a division of Dell Technologies, stated that Lockbit is the top performing and leading ransomware operator in a fiercely competitive underground market.

“According to data from leak sites, today’s takedown of Lockbit is significant. The ransomware group held a 25% market share, with Blackcat as their closest competitor at approximately 8.5%. After that, the market becomes increasingly fragmented,” stated Smith.

Lockbit surpassed all other groups, and today’s action holds great significance.

Source: voanews.com