The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group.
The LockBit ransomware group is one of the most active ransomware groups in the world. It has targeted over 2,000 victims, received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.
The U.K. National Crime Agency's Cyber Division, working in cooperation with the DOJ, the Federal Bureau of Investigation, and other international law enforcement partners, disrupted LockBit's operations by seizing numerous public-facing websites LockBit was using to connect to the organization's infrastructure and seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data.
The FBI, international law enforcement partners, and the NCA have developed decryption capabilities that may enable hundreds of victims worldwide to restore systems encrypted using the LockBit ransomware variant.
Finally, the DOJ also unsealed two search warrants issued in the District of New Jersey that authorized the FBI to disrupt multiple U.S.-based servers used by LockBit members in connection with the LockBit disruption.
According to the indictment obtained in the District of New Jersey, from as early as January 2021, Sungatov allegedly deployed LockBit ransomware against victim corporations and took steps to fund additional LockBit attacks against other victims.
Sungatov allegedly deployed LockBit ransomware against manufacturing, logistics, insurance, and other companies in Minnesota, Indiana, Puerto Rico, Wisconsin, Florida, and New Mexico.
Similarly, as early as August 2021, Kondratyev allegedly began to deploy LockBit against multiple victims.
Both Sungatov and Kondratyev are alleged to have joined in the global LockBit conspiracy, also alleged to have included Russian nationals Mikhail Pavlovich Matveev and Mikhail Vasiliev, as well as other LockBit members, to develop and deploy LockBit ransomware and to extort payments from victim corporations.
In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey, charging Matveev with using different ransomware variants, including LockBit, to attack numerous victims throughout the United States, including the Washington, D.C., Metropolitan Police Department.
In November 2022, a criminal complaint was filed in the District of New Jersey, charging Vasiliev with participating in the LockBit global ransomware campaign.
In June 2023, Russian national Ruslan Magomedovich Astamirov was charged in a criminal complaint in the District of New Jersey for his participation in the LockBit conspiracy, including his deployment of LockBit against victims in Florida, Japan, France, and Kenya.
Kondratyev, according to the indictment obtained in the Northern District of California and unsealed today, is also charged with three criminal counts arising from his use of the Sodinokibi, also known as REvil, ransomware variant to encrypt data, exfiltrate victim information, and extort a ransom payment from a corporate victim based in Alameda County, California.
The LockBit ransomware variant first appeared around January 2020 and, leading into today's operation, had grown into one of the world's most active and destructive variants.
LockBit members have executed attacks against more than 2,000 victims in the United States and around the world, making at least hundreds of millions of U.S. dollars in ransom demands and receiving over $120 million in ransom payments.
Using the control panel operated by the developers, affiliates then deploy LockBit within the victim computer system, allowing them to encrypt and steal data. A ransom is then demanded to decrypt the data or to avoid its publication on a public website maintained by the LockBit developers, often called a data leak site.
Although law enforcement has seized LockBit's websites, businesses should not become complacent about cybersecurity protection.
Additional details on protecting networks against LockBit ransomware are available at StopRansomware.
This Cyber News was published on americansecuritytoday.com. Publication date: Tue, 20 Feb 2024 21:13:04 +0000