February 20, 2024 at 07:15AM
An international law enforcement operation has disrupted the LockBit ransomware group, resulting in arrests and server seizures. The UK’s NCA led the operation, with involvement from agencies in several countries. The operation has frozen cryptocurrency accounts, shut down rogue accounts, and obtained decryption keys. The NCA has taken control of LockBit’s infrastructure and obtained crucial information to dismantle the group’s criminal enterprise.
The meeting notes cover an extensive international law enforcement operation that severely disrupted the LockBit ransomware group. The operation involved seizing servers, freezing cryptocurrency accounts, and taking down rogue accounts and infrastructure used by the cybercriminals. Law enforcement agencies from various countries including the US, UK, Canada, Australia, France, Germany, Switzerland, and others collaboratively took action.
The UK National Crime Agency (NCA) and Europol were among the key authorities involved. The NCA has taken control of LockBit’s primary administration environment, obtained decryption keys, and claimed to have damaged the group’s capability and credibility. Europol mentioned the gathering of crucial data for ongoing international operational activities targeting the group’s leaders, developers, affiliates, and criminal assets.
Moreover, arrests were made in Poland and Ukraine, and several international arrest warrants and indictments have been issued. The US charged alleged LockBit ransomware affiliates and unsealed indictments against Russian nationals. Vx-Underground, a cybersecurity research and threat intelligence project, confirmed the seizure of LockBit’s websites and the acquisition of information by law enforcement. The group’s claimed vulnerabilities in their systems, and the impact on their servers using PHP, are also noted.
The meeting notes also highlighted that major cybercrime enterprises, including ransomware groups like RagnarLocker, Hive, and BlackCat, have been targeted in international law enforcement operations over the past year. Additionally, the US has offered rewards for information on BlackCat and Hive ransomware leaders, and ransomware payments surpassed $1 billion in 2023.
The thorough and complex nature of the operation and its impact on the LockBit ransomware group were precisely captured in the meeting notes. The notes clearly outline the international collaboration and the significant achievements of law enforcement agencies in disrupting the cybercriminal activities of the LockBit group.