Image from National Crime Agency

UK and U.S. Lead Effort that Disrupts Major Ransomware Syndicate

An international consortium of law enforcement agencies dealt a blow to LockBit, one of the most potent ransomware variants of the last few years.

Simultaneous announcements today from the United Kingdom’s National Crime Agency (NCA), the United States’s Department of Justice (DOJ), and Europol detailed the enforcement action. The NCA seized several LockBit websites, disrupting the ransomware’s capability to attack networks. Together with the U.S. FBI and other partners, authorities are offering decryption capabilities so organizations currently affected by LockBit can restore encrypted systems.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” U.S. Attorney General Merrick B. Garland announced. “And we are going a step further—we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data.”

U.S. organizations undergoing a ransomware attack should contact the FBI to assess if the intrusion can be neutralized; the UK’s NCA has a similar site. For other European nations, Europol maintains a list of cyber-reporting sites by country.

The Europol release highlighted the arrest of two individuals related to the action, one in Poland, the other in Ukraine. Three other warrants and five indictments were also issued, and authorities froze more than 200 cryptocurrency accounts.

One of those arrested is reportedly a criminal hacker called Bassterlord who has produced manuals on how criminals can get started and profit from cyber intrusions. Bassterlord has had an oversized public profile in the past year, granting at least two media interviews.

LockBit is known as “ransomware as a service,” or, as Cyberscoop described, “an affiliate model, by which a central entity controls the infrastructure on which the ransomware operates, leases access to that system and then splits profits from the operations that the so-called affiliates run using that infrastructure.”

LockBit was the most-used ransomware variant against industrial organizations in 2023, according to cybersecurity firm Dragos. The Cyberscoop article reported that LockBit had resulted in $144 million in ransom payments and targeted more than 2,000 companies—including attacks against vital facilities around the world such as the busy Port of Nagoya in Japan.

Overall, ransomware continues to be a scourge to businesses worldwide. Another cybersecurity firm, Chainalysis, reported that companies paid $1.1 billion in ransoms from ransomware attacks in 2023 alone. As ransomware and other cybercrime continue to increase, no industry or sector is safe. Recently Security Management has featured packages of content devoted to cybersecurity in the healthcare and nonprofit sectors.