HACKING THE HACKERS: FBI, law enforcement agencies from 11 other countries shut down ransomware websites of notorious cybercriminal group
02/23/2024 // Belle Carter // Views

The Federal Bureau of Investigation (FBI) and law enforcement agencies from 11 other countries, including the National Crime Agency (NCA) of the United Kingdom, have engaged in a cyber operation that seized LockBit, a cybercriminal group proposing ransomware as a service. The said attack was able to shut down the websites that it uses for payments of the recovery of a victim's data that the cyber-terrorists have blocked using crypto virological malware.

"This site is now under the control of the National Crime Agency of the U.K., working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos,'" a notice on Lockbit's website read.

According to FBI officials, the agencies were able to strike down 11,000 domains used by LockBit and its affiliates to facilitate ransomware. "LockBit has caused enormous harm and cost – no longer," Graeme Biggar, NCA's director general, said at a press conference. "We have hacked the hackers, we have taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems."

The operation has already led to four arrests and the authorities promised on Tuesday, Feb. 20, to repurpose the technology to expose the group's operations to the world. Europol – the international law enforcement agency of the European Union – said that two had been arrested in Poland and Ukraine and that two other defendants, thought to be affiliates, had been arrested and charged in the United States. Two more individuals – both Russians – have been named but are still at large. Authorities have also frozen more than 200 cryptocurrency accounts linked to the group.

We are building the infrastructure of human freedom and empowering people to be informed, healthy and aware. Learn about our free, downloadable AI tools on nutrition, health and preparedness at this article link. Every purchase at HealthRangerStore.com helps fund our efforts to build and share more tools for empowering humanity with knowledge and abundance.

Agents seized control of Lockbit's equipment, including servers with victim data, file-share servers, and communication servers, he said. That will help authorities return stolen data to the companies and other organizations hacked by LockBit. "We'll be notifying victims here soon," Leatherman said in an interview.

LockBit, which specializes in using malicious software known as ransomware to encrypt files on its victims' computers then demanding payment to unlock the files, was responsible for temporarily disrupting $26 trillion worth of assets in the U.S. Treasury market last year.

LockBit has also claimed 1,600 victims in the U.S. and 2,000 internationally, according to the FBI. A majority are within the private sector, and the FBI said it is tracking 144 million ransoms paid about LockBit attacks. (Related: Global cybercrime kingpin BUSTED in crackdown involving multiple law enforcement agencies.)

"This is a righteous, serious blow against a malevolent actor that has caused financial losses and real suffering all over the world," said Sandra Joyce, vice president of Mandiant Intelligence, part of Google Cloud. "We couldn’t hope for much more in terms of a disruption to ransomware operations. This is the model we hope to see more of moving forward."

LockBit still afloat as another ransomware linked to it spreads online

Just a couple of days after international law enforcement cooperated to strike down one of the most prolific internet ransomware criminal groups, experts have detected a new round of attacks that are installing malware associated with LockBit.

The said attacks were reportedly exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise, Ars Technica reported.  According to security firms SophosXOps and Huntress, the hackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware.

"We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown," John Hammond, principal security researcher at Huntress, wrote in an email. "While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement." Hammond said the ransomware is being deployed to "vet offices, health clinics, and local governments."

The security firms didn't say if the ransomware being installed is the official LockBit version or a version leaked by a disgruntled LockBit insider in 2022. The leaked builder has circulated widely since then and has touched off a string of copycat attacks that aren't part of the official operation.

"When builds are leaked, it can also muddy the waters with regards to attribution," researchers from security firm Trend Micro said. "For example, in August 2023, we observed a group that called itself the Flamingo group using a leaked LockBit payload bundled with the Rhadamanthys stealer. In November 2023, we found another group, going by the moniker Spacecolon, impersonating LockBit. The group used email addresses and URLs that gave victims the impression that they were dealing with LockBit."

Check out CyberWar.news for more stories similar to this.

Watch the video below that talks about ransomware attacks, where victims are left without water or money access.

This video is from the InfoWarSSideBand channel on Brighteon.com.

More related stories:

Will hackers cripple America with a cyberattack? Expert says it might happen in 2024.

FBI warns of "Phantom Hacker" scams WIPING OUT senior citizens' life savings.

How to survive a cyber attack TAKEDOWN of America.

Sources include:

Bloomberg.com

TheGuardian.com

ArsTechnica.com

Brighteon.com



Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NaturalNews.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.