UK leads international crackdown of major cyber-criminal group

The UK has played a key role in an international mission to take down what is thought to be the world’s largest criminal ransomware group.

Law enforcement from ten countries has crippled the operations of the LockBit ransomware group.

After infiltrating the group’s network, the National Crime Agency (NCA) has taken control of its services, including its leak site on the dark web, on which the criminal gang hosted the data stolen from victims.

NCA director general Graeme Biggar said: “This NCA-led investigation is a ground-breaking disruption of the world’s most harmful cybercrime group. It shows that no criminal operation, wherever they are, and no matter how advanced, is beyond the reach of the Agency and our partners.

 “Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.

“As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity."

Since emerging in 2019, LockBit has targeted over 2,000 victims and received more than $120 million in ransom payments.

Those who suffered an attack from their group would usually have their data stolen and their systems encrypted. After this, the cyber gang would demand a cryptocurrency ransom to decrypt their files and prevent their data from being leaked.

Yet, the NCA has now revealed that some data within LockBit's system belonged to victims who had paid a ransom to the criminals, showing that paying did not guarantee the data would be deleted.

This crackdown follows an investigation led by the UK's National Crime Agency known as ‘Operation Cronos,’ coordinated at a European level by Europol and Eurojust.

The case was opened in April 2022 at the request of the French authorities.

The months-long operation has resulted in the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the US, and the UK. Authorities have also frozen over 200 cryptocurrency accounts linked to the criminal organisation.

Also, two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities, with three international arrest warrants and five indictments also being issued by the French and U.S. judicial authorities.

With support from Europol, and the Japanese Police, the NCA and the FBI decryption tools have also designed tools to recover files encrypted by the LockBit Ransomware.

Available for free on the 'No More Ransom' portal, more than six million victims have now accessed the tools worldwide.