Cybercrime Crackdown: International Coalition Seizes Control of Ransomware Gang Website

International coalition takes over LockBit's dark-web site.

An international coalition, including the Federal Bureau of Investigation (FBI) and its allies from Britain and the EU, have seized control of the website belonging to LockBit, the most prolific ransomware gang in the world.

The cybercrime crackdown deals a major blow to the near-term operations of the multinational ransomware gang. It has been considered a menace to organizations worldwide, including health care providers in the United States.

Cybercrime Crackdown: International Coalition Seizes Control of Ransomware Gang Website
An international coalition of agencies worked together to seize control of a dark-web site belonging to LockBit, the most prolific ransomware gang in the world. YURI GRIPAS / AFP) (YURI GRIPAS/AFP via Getty Images

The hackers have previously claimed credit for a November ransomware attack that forced New Jersey-based Capital Health to cancel some of its patients' appointments. Furthermore, LockBit claimed responsibility for ransomware attacks targeting the Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months.

Officials posted a message on the hackers' website on Monday that included the seals of the FBI, the UK National Crime Agency )NCA), and a host of other law enforcement agencies from Australia to Germany.

The statement included confirmation that the ransomware gang's services have been disrupted as a result of the action of International Law Enforcement, adding that the situation was an ongoing and developing operation.

A spokesperson for the NCA confirmed that a law enforcement operation against the ransomware gang was underway, adding that the agency will disclose more details on the matter to the public on Tuesday, as per CNN.

On the other hand, a spokesperson for the FBI said that they will make a formal announcement regarding the operation as well as additional information in the near future. The seizure of the LockBit ransomware group's dark web site forces cybercriminals to work on setting up new computer infrastructure to extort their victims.

Additionally, it can signal deeper law enforcement access to the hackers' networks where they conduct their operations. In another effort against a ransomware gang that was announced a year ago, the FBI said that it gained access to decryption software that saved victims roughly $130 million in ransom payments.

Seizing Control of LockBit's Dark Web Site

Analysts also believe that the LockBit ransomware gang has members or criminal partners in Eastern Europe, Russia, and China. Similar to other cash-flush groups, LockBit rents out its ransomware to "affiliates," who then use the malicious code in attacks, then take a cut of the ransom that victims pay.

The United Kingdom's National Cyber Security Centre (NCSC) previously issued a warning regarding the "enduring threat" that the LockBit group posed. This was made alongside partner agencies in the U.S., Australia, Canada, France, Germany, and New Zealand, according to BBC.

The statement made last year also added that LockBit's eponymous software was the "most deployed ransomware variant" worldwide in 2022. It added that the software continues to be prolific "so far in 2023."

LockBit makes money by stealing sensitive data and then threatening to leak it if the victims do not pay an extortionate ransom. The ransomware group's affiliates are like-minded criminal groups that are recruited to wage attacks using the main group's digital extortion tools.

In 2020, LockBit was discovered when its eponymous software was found on Russian-language cybercrime forums. This led some security analysts to believe that the gang is based in Russia, said Reuters.


Related Article:

US Lawmakers Consider Sanctioning Chinese Firms for Aiding Russia's War with Ukraine

Real Time Analytics