LockBit, a notorious ransomware provider, has been seized by law enforcement

Washington A ransomware service provider that targeted more than 2,000 systems worldwide, including hospitals in the United States, with claims worth hundreds of millions of dollars, was removed on Monday, and Russian citizens were charged as part of an international conspiracy to spread the malware, the Justice Department announced. , Tuesday.

The cybercriminal network, known as LockBit, targets critical components of manufacturing, healthcare and logistics around the world, catering to hackers who deploy its malware into vulnerable systems and hold them hostage until ransoms are paid. To date, the attackers have extorted more than $120 million from their victims, and their program has evolved into one of the most popular and active, officials said.

As part of this week's operation, the FBI and its UK law enforcement partners seized several public platforms where cybercriminals could initiate and join contact with LockBit. Investigators also seized two servers in the United States that were used to transfer stolen victim data.

The Associated Press noted that the front page of the LockBit website was replaced with the phrase “This site is now under the control of law enforcement authorities,” along with the flags of the United Kingdom, the United States, and several other countries.

According to Attorney General Merrick Garland, the United States and its allies have gone “a step further” by obtaining “keys” that can unlock computer systems that have been attacked to help victims “regain access to their data,” relieving them of having to pay a ransom. This step could help hundreds of victims around the world.

Two Russian nationals who allegedly used LockBit's ransomware against companies across the US — in Oregon, New York, Florida and Puerto Rico — have also been charged in New Jersey as part of the Justice Department's latest play against the group.

Artur Sungatov and Ivan Kondratiev join a growing number of defendants charged by federal prosecutors with attacking US institutions as part of the LockBit scheme. Five people have now been charged, including someone who allegedly targeted the Washington, D.C., police force.

LockBit was the most widely used version of ransomware in 2022, according to A Joint Cybersecurity Consulting Deployed by the FBI and the Cybersecurity and Infrastructure Security Agency last year, it targeted “a range of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government services, emergency services, healthcare, manufacturing, and transportation.”

The LockBit network was first seen on Russian-speaking cybercrime platforms in 2020, and has continued to develop and grow, targeting various computer platforms and operating systems. By 2022, 16% of ransomware attacks in the United States will be deployed by the LockBit group, according to the advisory.

Criminals usually gain access to vulnerable systems through phishing emails or when users visit an infected website while browsing the Internet. US officials constantly warn users to avoid paying the ransom and contact law enforcement instead.

Federal investigators recently developed a new approach to combating ransomware attacks that can be costly for victims and harmful to the normal functioning of society: arming victims with the tools necessary to counter a malware attack.

Similar to Operation LockBit, in July 2022, the F.B.I It took down an international ransomware group It contacted Hive and collected decryption keys for the compromised computer networks it had infiltrated to conduct what officials described as “high-tech 21st century cyber surveillance.” FBI agents then distributed the keys to victims whose networks had been ransomized.

In August, investigators brought down a criminal network known as… Hackbot robots – A group of computers infected with malicious software that has been used to carry out cyberattacks. Law enforcement gained access to QakBot's infrastructure and “redirected” the cyber activity to servers controlled by US investigators, who were then able to inject the malware with a program that launched the victim's computer from the botnet, freeing it from the malicious host.

Victims of LockBit attacks are encouraged to contact the FBI for further assistance.