info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Britain and FBI lock notorious hackers out of their own site
5 views
Skip to first unread message
Julian
Feb 20, 2024, 8:07:26 AMFeb 20
to
Bless!
LockBit’s servers, used to blackmail thousands of companies, have been
seized in a British and US-led operation
One of the world’s most prolific cybercrime gangs has had its website
and servers seized in a global operation led by British and American law
enforcement.
LockBit, which has been responsible for ransomware attacks on Royal
Mail, Boeing and thousands of other companies, was targeted in an
operation led by the National Crime Agency, FBI and Europol.
A message posted on the LockBit dark-web site, which was used by the
group to extort its victims, said it has been taken over by a coalition
of 11 police agencies.
“We have source code, details of the victims you have attacked, the
amount of money extorted, the data stolen, chats and much, much more”, a
message to the hackers read on one part of the site. “We may be in touch
with you very soon. Have a nice day.”
LockBit originated in Russia and runs on an “affiliate” system where
hackers carry out attacks under its banner and using its software. It
has claimed to be “located in the Netherlands, completely apolitical and
only interested in money”.
Brett Leatherman, deputy assistant director of the FBI, told Bloomberg
that his agents had seized control of LockBit’s equipment, including
servers with data that can be returned to victims. He said indictments
and sanctions would follow soon.
The police coalition, working under the banner of Operation Cronos, also
seized 11,000 domains used by the gang and its affiliates.
Despite the website takedown, the group claimed that its servers were
untouched. In a message to its affiliates, which mocks the way its
victims tell customers of a hack, LockBit said: “Our team recently
detected unauthorised access to our systems, which we believe was
carried out by a group called the NCA.” The gang makes money by hacking
into systems, stealing sensitive data and threatening to leak it if
victims fail to pay an extortionate ransom.
Ransomware is malicious software that encrypts data. LockBit makes money
by coercing its targets into paying ransom to unlock that data with a
digital key.
The FBI said LockBit had claimed 1,600 victims in the United States and
2,000 internationally. The UK National Cyber Security Centre (NCSC) said
LockBit’s software was the “most deployed ransomware variant” across the
world in 2022 and Secureworks estimates it has a 25 per cent share of
the ransomware market.
One expert said it was a “huge win” for the police, but warned against
early celebration.
Chester Wisniewski, a director at the Sophos cybersecurity firm, said:
“LockBit rose to be the most prolific ransomware group since Conti
departed the scene in mid-2022. The frequency of their attacks, combined
with having no limits to what type of infrastructure they cripple has
also made them the most destructive in recent years. Anything that
disrupts their operations and sows distrust amongst their affiliates and
suppliers is a huge win for law enforcement.
“We shouldn’t celebrate too soon though,” he added. “Much of their
infrastructure is still online, which likely means it is outside the
grasp of the police and the criminals have not been reported to have
been apprehended.”
Mark Sellman
LockBit’s servers, used to blackmail thousands of companies, have been
seized in a British and US-led operation
One of the world’s most prolific cybercrime gangs has had its website
and servers seized in a global operation led by British and American law
enforcement.
LockBit, which has been responsible for ransomware attacks on Royal
Mail, Boeing and thousands of other companies, was targeted in an
operation led by the National Crime Agency, FBI and Europol.
A message posted on the LockBit dark-web site, which was used by the
group to extort its victims, said it has been taken over by a coalition
of 11 police agencies.
“We have source code, details of the victims you have attacked, the
amount of money extorted, the data stolen, chats and much, much more”, a
message to the hackers read on one part of the site. “We may be in touch
with you very soon. Have a nice day.”
LockBit originated in Russia and runs on an “affiliate” system where
hackers carry out attacks under its banner and using its software. It
has claimed to be “located in the Netherlands, completely apolitical and
only interested in money”.
Brett Leatherman, deputy assistant director of the FBI, told Bloomberg
that his agents had seized control of LockBit’s equipment, including
servers with data that can be returned to victims. He said indictments
and sanctions would follow soon.
The police coalition, working under the banner of Operation Cronos, also
seized 11,000 domains used by the gang and its affiliates.
Despite the website takedown, the group claimed that its servers were
untouched. In a message to its affiliates, which mocks the way its
victims tell customers of a hack, LockBit said: “Our team recently
detected unauthorised access to our systems, which we believe was
carried out by a group called the NCA.” The gang makes money by hacking
into systems, stealing sensitive data and threatening to leak it if
victims fail to pay an extortionate ransom.
Ransomware is malicious software that encrypts data. LockBit makes money
by coercing its targets into paying ransom to unlock that data with a
digital key.
The FBI said LockBit had claimed 1,600 victims in the United States and
2,000 internationally. The UK National Cyber Security Centre (NCSC) said
LockBit’s software was the “most deployed ransomware variant” across the
world in 2022 and Secureworks estimates it has a 25 per cent share of
the ransomware market.
One expert said it was a “huge win” for the police, but warned against
early celebration.
Chester Wisniewski, a director at the Sophos cybersecurity firm, said:
“LockBit rose to be the most prolific ransomware group since Conti
departed the scene in mid-2022. The frequency of their attacks, combined
with having no limits to what type of infrastructure they cripple has
also made them the most destructive in recent years. Anything that
disrupts their operations and sows distrust amongst their affiliates and
suppliers is a huge win for law enforcement.
“We shouldn’t celebrate too soon though,” he added. “Much of their
infrastructure is still online, which likely means it is outside the
grasp of the police and the criminals have not been reported to have
been apprehended.”
Mark Sellman
0 new messages