Multi-country joint statement says well-known ransomware group dismantled; LockBit responds: You can't kill me, will continue operations

The National Crime Agency (NCA) of the United Kingdom has announced that it has disrupted LockBit, the world's largest Russian cybercrime group. However, members of LockBit have stated that what the NCA and FBI have cracked are only some unprotected servers, and that they will continue to carry out ransomware attacks.

Infamous Ransomware LockBit

LockBit primarily provides ransomware services to hackers worldwide, offering the tools and infrastructure needed for the attacks they launch. When victims fall for phishing, have their data stolen, or have their systems encrypted, they face demands for ransom payments in cryptocurrency.

The NCA stated on the 20th that LockBit has been operational for four years, frequently conducting ransomware attacks during this period. Global victims include thousands in the UK, resulting in billions of pounds in losses.

After thoroughly infiltrating the organization, NCA claims to have gained full control over LockBit's services.

UK Claims Destruction of LockBit

The NCA mentioned in a statement that they, along with the FBI and nine international partners, launched the "Cronos" operation and have made the following progress:

  • NCA has taken control of LockBit's main management environment and official website.

  • A significant amount of LockBit information has been obtained, including collaborators and organizational personnel worldwide.

  • The infrastructure of LockBit in three countries has been seized by the Cronos team, with 28 servers shut down.

  • Two LockBit participants have been arrested in Poland and Ukraine, with over 200 cryptocurrency accounts associated with LockBit frozen.

NCA emphasized that they have obtained over 1,000 decryption keys and will be contacting UK victims in the coming weeks to provide support and aid in data recovery.

Over 200 LockBit Addresses Sanctioned

The US Department of the Treasury also stated on the 20th that in addition to charging affiliates of LockBit, two defendants who carried out ransomware attacks using LockBit have been criminally charged and will face trial in the US.

Furthermore, over 200 cryptocurrency addresses associated with LockBit have been added to the US OFAC sanctions list.

According to online monitoring agency 0xScope, Tether has also blocked the related addresses.

Although it seems like LockBit has reached its end, members of LockBit posted a lengthy statement on Twitter vowing to resist law enforcement agencies.

LockBit: Thanks to FBI for Reigniting My Fighting Spirit

@DarkWebInformer retweeted LockBit's statement on Twitter, highlighting the following points:

  • LockBit acknowledges that two servers were breached on February 19 due to not updating the PHP version promptly.

  • Law enforcement claims to have obtained over 1,000 decryption keys, but LockBit reportedly holds nearly 40,000 decryptors.

  • They will enhance their defense measures, including encrypting all build versions and decentralizing server architecture.

  • LockBit boasts about its ill-gotten gains, emphasizing its continued ransomware attack operations.

LockBit points out that the FBI chose to act at this time and attempted to smear them. LockBit claims that they received ransom but did not delete sensitive information, all to prevent LockBit from disclosing information before the US presidential election.

LockBit claims to possess many stolen documents, including court files related to Trump, which could impact the upcoming US election.

LockBit concludes by thanking the FBI for reigniting their fighting spirit and getting them back into work mode. Many reports touted "11 countries jointly dismantled the cybercrime organization LockBit," but it seems the situation is far from over.