Thousands of victims, hospitals or town halls targeted, losses totaling billions of euros… The LockBit cybercriminal group, presented as “the most harmful » in the world, was dismantled during an international police operation, authorities in several countries announced on Tuesday.
3 mins
“ After infiltrating the group’s network, the NCA [agence de lutte contre la criminalité britannique, nldr] took control of LockBit’s services, compromising their entire criminal enterprise “, the NCA said in a statement. According to her, the ransomware targeted “ thousands of victims around the world » and caused losses which in total amount to billions of euros, including the ransoms paid and the costs incurred for the victims. “ We hacked the hackers “, welcomed Graeme Biggar, director general of the NCA, announcing the neutralization of LockBit during a press conference in London.
The kings of ransomware
LockBit targeted critical infrastructure and large industrial groups, with ransom demands ranging from 5 to 70 million euros. In 2023, the group notably attacked the British postal operator and a Canadian children’s hospital, and in France Corbeil-Essonnes hospitals and Versailles in the Paris region. Cybercriminals made available to their “ affiliates » tools and infrastructure allowing them to carry out attacks. These consisted of infecting the victims’ computer network to steal their data and encrypt their files. A ransom was demanded in cryptocurrencies to decrypt and recover the data, under penalty of publication of the victims’ data.
LockBit collected more than $120 million in ransoms in total, according to the United States, where a total of five people, including two Russian nationals, are facing charges. According to the head of the NCA, the investigations did not reveal “ direct support » of the Russian state towards LockBit, but nevertheless underlined a “ tolerance » towards cybercrime in Russia.
“ They are cybercriminals, they are based all over the world, there is a large concentration of these individuals in Russia and they often speak Russian “, did he declare. LockBit is presented as one of the most active malware in the world, with more than 2,500 victims, including more than 200 in France, “ including hospitals, town halls and companies of all sizes », indicated in a press release the Paris prosecutor’s office.
French investigators questioned “ two targets in Poland and Ukraine » and carried out searches, according to the same source. The operation made it possible, according to the Paris prosecutor’s office, to “ take control of a significant portion of LockBit ransomware infrastructure, including on the darknet ”, and in particular the “ wall of shame » (wall of shame) « where the data of those who refused to pay the ransom was published “.
“ This site is now under control of the police »
According to the British NCA, more than 200 cryptocurrency accounts linked to the group have been frozen and investigators have obtained more than 1,000 keys used to decrypt the data so they can return it to their owners. “ This site is now under control of the police », Indicates a message on a LockBit site, specifying that the British NCA has taken control of the site, in cooperation with the American FBI and agencies from several countries.
In November 2022, the US Department of Justice (DoJ) described LockBit ransomware as “ more active and more destructive variants in the world “. A year ago, the Hive ransomware attack network was dismantled. It was accused of targeting 1,500 entities in 80 countries and collecting more than $100 million in ransoms.
(With AFP)
Read alsoHealth data: 33 million French people affected by hacking, an open investigation