
Law enforcement agencies including the FBI and the UK’s National Crime Agency have disrupted LockBit, one of the world’s most prolific cyber crime gangs, which had been involved in ransomware attacks on Royal Mail, the Industrial and Commercial Bank of China and Boeing.

The hacking group’s technology, which locks organisations out of their own IT systems, has been used extensively over the past few years by a network of hackers that extorted tens of millions of dollars from hundreds of victims by threatening to leak stolen data unless a ransom was paid.

Security researchers said on Tuesday that LockBit’s website on hidden parts of the internet — the “dark web” — had been taken down and replaced by a message stating it was “now under control of law enforcement”.

The message states that the NCA, the FBI and Europol were among several agencies involved, through an international task force called “Operation Cronos”.

“The NCA can confirm that LockBit services have been disrupted as a result of international law enforcement action,” the UK crime agency said. “This is an ongoing and developing operation.”

LockBit is believed to be based in Russia but collaborates with an international criminal syndicate through a so-called “ransomware as a service” model. The group rents out its malware to a loose network of hackers, who use it to paralyse a wide range of targets, from international finance groups and law firms to schools and medical facilities. LockBit typically takes a commission of as much as 20 per cent of any ransom paid by victims.

The group has become so notorious that some hackers even got tattoos of its logo, part of a promotional stunt for which LockBit offered a $1,000 payment.

NCC Group, a cyber security firm, said that it recorded more than 1,000 LockBit victims last year, making up almost a quarter of all ransomware attacks.

Chester Wisniewski, global field chief technology officer at cyber security company Sophos, said that LockBit, which is believed to have first emerged in 2019, had risen to become the “most prolific ransomware group” in the past two years.

“The frequency of their attacks, combined with having no limits to what type of infrastructure they cripple, has also made them the most destructive in recent years,” he said. “Anything that disrupts their operations and sows distrust amongst their affiliates and suppliers is a huge win for law enforcement.”

However, Wisniewski added that “much of their infrastructure is still online”, suggesting there was still work to do to bring the hackers under full control of law enforcement.

Additional reporting by Mehul Srivastava and John Paul Rathbone
