FBI, NCA, and Europol Disrupt LockBit (Cybercrime)
Sawako Utsumi and Lee Jay Walker
Modern Tokyo Times
Europol, the Federal Bureau of Investigation (FBI – America), and the National Crime Agency (United Kingdom) have combined forces to disrupt the infamous LockBit cybercrime gang.
The Cybersecurity and Infrastructure Security Agency (America) said, “In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat.”
Accordingly, the news that the international agencies of Europol, the FBI, and NCA are making inroads against LockBit bodes well. LockBit, utilizing encrypted messaging apps, stated they have backup servers that remain outside the reach of international cyber agencies. However, it is presumed that this is just the start of the operation by international agencies against LockBit.
Reuters reports, “Lockbit and its affiliates have hacked some of the world’s largest organisations in recent months. The gang makes money by stealing sensitive data and threatening to leak it if victims fail to pay an extortionate ransom. Its affiliates are like-minded criminal groups that are recruited by the group to wage attacks using Lockbit’s digital extortion tools.”
Other international agencies are involved in the operation. The NCA said, “The NCA can confirm that LockBit services have been disrupted as a result of international law enforcement action. This is an ongoing and developing operation.”
LockBitSupp responded by saying, “FBI f****d up servers via PHP, backup servers without PHP can’t be touched.”
However, international agencies confirmed that they control LockBit's platform and that all essential information is being scrutinized. Hence, everything from source code to stolen data and internal chats is now in the hands of international agencies in their fight against this cybercrime gang.
Recent FBI operations in their fight against cybercrime and cyberespionage include the disruption of a Chinese botnet and the taking down of a controlled botnet related to the military intelligence of the Russian Federation.
CNN reports, “It’s a blow to the near-term operations of a multinational ransomware gang known as LockBit, which has been a menace to organizations all over the world, including health care providers in the US. The hackers claimed credit for a November ransomware attack that forced New Jersey-based Capital Health to cancel some patient appointments.”
LockBit core members are outside the jurisdiction of international agencies fighting against cybercrime and cyberespionage.
The ransomware ecosystem will be impacted in the short term.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a