The Department of Justice (DoJ) and FBI, along with the U.K. National Crime Agency’s (NCA) Cyber Division and other international law enforcement partners, announced today that they have disrupted the LockBit ransomware group – one of the most active ransomware groups in the world.

Since it launched in January 2020, the LockBit ransomware group has targeted over 2,000 victims and received over $120 million in ransom payments. The DoJ, FBI, and partners were able to disrupt the cyber gang by seizing control of public-facing websites and servers used by LockBit, thereby disrupting the group’s ability to attack networks and publish victims’ stolen data.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” Attorney General Merrick Garland said in a press release.

“And we are going a step further – we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data,” he continued, adding, “LockBit is not the first ransomware variant the Justice Department and its international partners have dismantled. It will not be the last.”

In good news for those who have been targeted by the LockBit group, the agencies have developed decryption capabilities that can help hundreds of victims to restore systems that were encrypted using the LockBit ransomware variant. Starting today, victims can contact the FBI by going to https://lockbitvictims.ic3.gov/ to see if their affected systems can be decrypted.

The DoJ has charged two Russian nationals – Artur Sungatov and Ivan Kondratyev, also known as Bassterlord – with deploying LockBit ransomware against numerous organizations throughout the United States.

Kondratyev also deployed LockBit against targets located in Singapore, Taiwan, and Lebanon. With the indictment unsealed today, five LockBit members have now been charged for their participation in the cyber gang.

“Today, the FBI and our partners have successfully disrupted the LockBit criminal ecosystem, which represents one of the most prolific ransomware variants across the globe,” said FBI Director Christopher Wray. “Through years of innovative investigative work, the FBI and our partners have significantly degraded the capabilities of those hackers responsible for launching crippling ransomware attacks against critical infrastructure and other public and private organizations around the world.”

“This operation demonstrates both our capability and commitment to defend our nation’s cybersecurity and national security from any malicious actor who seeks to impact our way of life,” Wray added. “We will continue to work with our domestic and international allies to identify, disrupt, and deter cyber threats, and to hold the perpetrators accountable.”

While the takedown will disrupt the LockBit group for a while, Richard Cassidy, field CISO at Rubrik, warned that cyber defenders must stay vigilant as these groups often adapt their operations and tactics.

“Undoubtedly, the news of LockBit’s disruption is a welcome development on the ransomware battlefield, however, the war is far from over,” Cassidy said. “While operations for LockBit will have been affected for a to-be-determined period, we should not underestimate their adaptability. These groups have consistently shown a remarkable capacity to adapt to law enforcement actions, evolve their tactics, and continue their operations, sometimes under new guises.”

Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.