UK Leads Operation to Disrupt LockBit Cybergang

Improve the News Foundation -
0:00
/1861

Facts

  • It was revealed Monday that the UK’s National Crime Agency (NCA) has led an operation to disrupt Lockbit, which is widely considered the world's largest criminal ransomware group. The FBI, Europol, and other countries also contributed to the long-running operation.1
  • NCA released a statement Tuesday saying it took control of LockBit’s primary administrative environment — which had allowed its affiliates to execute attacks — and its public-facing leak site on the dark web. The site now shows information exposing LockBit’s criminal operations.2
  • The US Dept. of Justice also released a statement saying the joint international law enforcement effort seized multiple websites LockBit used to connect affiliates to its infrastructure. The takedown could enable hundreds of victims to restore systems that were attacked.3
  • Europol says that two LockBit actors were arrested, and authorities issued three international warrants and two indictments. While the group hasn't been dismantled, authorities believe a major blow has been dealt to LockBit’s reputation and fear has been stoked in its affiliates.4
  • Operating since 2019, LockBit has been the world’s most prolific ransomware gang by volume, accounting for 23% of last year’s nearly 4K global ransomware attacks. The syndicate has stolen $120M from thousands of victims and uses stolen information to extort its victims.5
  • Cybercriminals at large extorted $1B from victims last year, and attacks threaten hospitals, schools, businesses, and police departments. Since most hackers live in Russia, it's difficult for other countries to prosecute criminals and terminate syndicates.6

Sources: 1BBC News, 2National Crime Agency, 3United States Department of Justice, 4Yahoo Finance, 5Associated Press and 6NBC.

Narratives

  • Pro-establishment narrative, as provided by Verge. This is a momentous victory over LockBit that will punish the world’s largest ransomware gang and send a message to cyber criminals at large. The long-running operation involved building sophisticated systems that can beat hackers at their own game, an approach that can serve as a road map for dealing with future ransomware syndicates.
  • Establishment-critical narrative, as provided by SC Media. International law enforcement agencies deserve kudos for this operation, but the disruption is unlikely to yield massive changes in the world of cybersecurity. Due to syndacites' decentralized nature, and the fact that most hackers reside in Russia, it's virtually impossible to truly dismantle LockBit, and other ransomware gangs are waiting in the wings to fill the void. Law enforcement can't be complacent.

Predictions