OMAHA, NEBRASKA – The FBI, along with international allies, has successfully seized control of a dark-web site used by one of the world’s most prolific ransomware groups, according to information obtained by CNN. The multinational ransomware gang known as LockBit has been a significant threat to organizations worldwide, including healthcare providers in the US. The hackers were responsible for a ransomware attack that resulted in canceled patient appointments at New Jersey-based Capital Health in November.
LockBit also claimed responsibility for ransomware attacks on the Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months. A message posted on the hackers’ website confirmed that their services had been disrupted as a result of international law enforcement action. The FBI, UK National Crime Agency, and other law enforcement agencies from Australia to Germany were involved in the operation.
The National Crime Agency, in confirming the operation against LockBit, announced that more details would be publicly disclosed. An FBI spokesperson also mentioned that a formal announcement and additional details would follow. Seizing a ransomware group’s dark-web site not only disrupts their operations but also signals law enforcement access to the hackers’ networks.
Analysis indicates that LockBit has members or criminal partners in Eastern Europe, Russia, and China. The ransomware group accounts for a quarter of the ransomware market based on victim information they have posted online. This latest operation is part of an ongoing struggle between the FBI and its allies and ransomware gangs based in Eastern Europe and Russia.
Despite efforts to cut off their money flows, cybercriminals managed to extort a record $1.1 billion in ransom payments from victim organizations around the world last year. While the recent operation against LockBit may not lead to the arrest of its core members, it is expected to have a significant impact on the ransomware ecosystem, potentially slowing down future attacks. The hope is that affected sectors, such as hospitals and schools, will have some breathing room to strengthen their defenses against such cyber threats.