WASHINGTON, D.C. (AP) – A major takedown of a ransomware service provider occurred on Monday, with Russian nationals being charged in connection with an international plot to deploy the malicious software. LockBit, the cybercriminal network responsible for targeting over 2,000 systems globally, including U.S. hospitals, has extorted more than $120 million from its victims, making it one of the most notorious and active groups.
The FBI and its law enforcement partners seized public-facing platforms used by LockBit, as well as two servers in the U.S. used to transfer stolen victim data. The front page of LockBit’s site was replaced with a message indicating that the site is now under the control of law enforcement, and the flags of the U.S., U.K., and other nations were displayed.
As a part of the operation, the U.S. and its allies obtained the “keys” to unlock attacked computer systems, ultimately helping hundreds of victims worldwide regain access to their data without having to pay a ransom. Two Russian nationals were indicted in New Jersey as part of the Justice Department’s latest move against the LockBit scheme, joining a total of five individuals charged in connection with the group.
According to a joint cybersecurity advisory published by the FBI and the Cybersecurity and Infrastructure Security Agency, LockBit was the most commonly used version of ransomware in 2022. The network targeted critical infrastructure sectors, including financial services, healthcare, and transportation, and accounted for 16% of ransomware attacks in the U.S. in 2022.
Federal investigators have been developing new approaches to combat ransomware attacks, such as providing victims with tools to counter malware attacks. This approach was previously seen in the takedown of the international ransomware group called Hive and the criminal network known as the Qakbot botnet, where law enforcement redirected cyber activity to servers under their control and released victims’ computers from the malicious host.
In light of these developments, victims of LockBit attacks are encouraged to contact the FBI for further assistance. The Justice Department’s efforts to take down LockBit and other ransomware operations demonstrate a proactive approach to combating cyber threats and providing support to victims.