The National Crime Agency in the United Kingdom reports that the authorities have taken over the LockBit ransomware group’s entire command and control infrastructure. This followed the agency’s seizure of the criminal gang’s website as part of a well-coordinated worldwide operation.
According to a statement posted on LockBit’s website, the site is currently being run by the National Crime Agency of the UK in conjunction with the FBI and Operation Cronos. The statement also mentioned the involvement of Europol and several other international law enforcement agencies.
Two people linked to LockBit were arrested in Ukraine and Poland, while two further individuals, thought to be associates, were held and tried in the United States, according to Europol. Two more Russian nationals have been named but are not in jail at this time. Authorities have frozen more than 200 Bitcoin accounts linked to the criminal group.
The damage to the LockBit operation will be greater than what was first revealed. The NCA did more than just take over the front-facing website; it also seized LockBit’s primary administration environment, which is responsible for managing and deploying the extortion technology used globally.
This group was an early adopter of a business strategy that paid a commission on ransoms collected from victims and delegated the selection of targets and execution of attacks to a group of loosely affiliated individuals.
Ransomware encrypts the data on infected computers and demands money to unlock it. Furthermore, LockBit demanded a ransom payment and threatened to release the stolen material if payment wasn’t received, but said it would return everything to normal if it were paid.
But according to the NCA, the assurance was false. The agency discovered data on LockBit’s computers belonging to victims who had paid the ransom.
The operation has retrieved more than a thousand decryption keys meant for LockBit attack victims, who will be contacted to help them recover their encrypted data.