FBI, UK Crime Agency Say They Have Disrupted LockBit Cyber Gang

By Jamie Tarabay | February 20, 2024

A coalition of international law enforcement agencies, including the FBI and UK National Crime Agency, said they have disrupted LockBit, one of the most prolific hacker groups of all time, including shutting down websites the organization used for ransomware payments.

A post on the gang’s website Monday said it’s “now under the control” of the UK agency, the FBI and other law enforcement agencies.

Law enforcement from 11 different countries took part in the operation, which seized 11,000 domains used by LockBit and its affiliates to facilitate ransomware, an FBI official said. The operation, which disrupted LockBit’s infrastructure and targeted its malware deployment system, took place in recent days, the official said.

LockBit specializes in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. The operation recruits hackers to conduct the cyberattacks using LockBit’s tools and infrastructure. LockBit gets a cut of any ransom extorted in the hacks.

Related: Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money

The group was responsible for last year’s attack on the US arm of Industrial & Commercial Bank of China Ltd., which disrupted the $26 billion US Treasury market. It also took down a website that Boeing Co. uses to sell spare aircraft parts, software and services.

The worldwide operation disrupted the group’s infrastructure and will include indictments, followed by sanctions, said Brett Leatherman, deputy assistant director of the FBI.

Agents seized control of Lockbit’s equipment, including servers with victim data, file-share servers and communication servers, he said. That will help authorities return stolen data to the companies and other organizations hacked by LockBit.

“We’ll be notifying victims here soon,” Leatherman said in an interview.

LockBit first came to prominence in 2021, calling itself LockBit 1.0. In 2022, it became LockBit 2.0 and its latest iteration is LockBit Green. One of the group’s most recent victims was EquilLend. The trading platform, which processes trillions of dollars of transactions a month, said the incident on Jan. 22 affected some automated securities lending services.

The hacking group has claimed 1,600 victims in the US and 2,000 internationally, according to the FBI. A good majority are within the private sector, and the FBI said it’s tracking 144 million ransoms paid in relation to LockBit attacks.

Top photo: An attendee types on a cyrillic laptop computer keyboard at the CrytoSpace conference in Moscow, Russia, on Friday, Dec. 8, 2017. CryptoSpace is Eastern Europe’s largest conference dedicated to blockchain technology and cryptocurrencies and runs Dec. 8-9. Photographer: Andrey Rudakov/Bloomberg

Was this article valuable?

Here are more articles you may enjoy.