(MENAFN- The Peninsula) AFP
London: Britain's National Crime Agency on Tuesday said it had disrupted "the world's most harmful cyber crime group" in an international operation targeting ransomware specialist LockBit.
NCA director general Graeme Biggar said the agency had "successfully infiltrated and fundamentally disrupted" the organisation which last year attacked Britain's Royal Mail and a Canadian children's hospital.
"We have hacked the hackers. We have taken control of their infrastructure," Biggar said, adding that in the past year LockBit had been behind 25 percent of all attacks.
"As of today LockBit is effectively redundant, LockBit has been locked out," he said.
LockBit was targeted as part of a dedicated taskforce called Operation Cronos involving the NCA working with the US Federal Bureau of Investigation and agencies in nine other countries.
LockBit's website -- selling services that allow people to organise cyber attacks and hold data until a ransom is paid appears -- was taken over on Monday evening.
A message appeared on the site stating that it was "now under control of law enforcement".
"This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it read.
Acting US Assistant Attorney General Nicole Argentieri said LockBit had targeted over 2,000 victims worldwide, including in Britain and the United States and has received more than $120 million in ransomware payments.
In January 2023, US law enforcers shut down the Hive ransomware operation which had extorted some $100 million from more than 1,500 victims worldwide.
Following that action, Lockbit had been seen as the biggest current threat.
Dark Web
Hive and Lockbit are part of what cybersecurity experts call a "ransomware as a service" style, or RaaS -- a business that leases its software and methods to others to use in extorting money.
Ariel Ropek, director of cyber threat intelligence at cybersecurity firm Avertium, told AFP last year that this structure makes it possible for criminals with minimal computer fluency to get into ransomware by paying others for their expertise.
On the so-called dark web, providers of ransomware services pitch their products openly.
At one end are the initial access brokers, who specialise in breaking into corporate or institutional computer systems.
They then sell that access to the hacker, or ransomware operator.
But the operator depends on RaaS developers like Hive or Lockbit, which have the programming skills to create the malware needed to carry out the operation and avoid counter-security measures.
Typically, their programmes -- once inserted by the ransomware operator into a target's IT systems -- are manipulated to freeze, via encryption, the target's files and data.
RaaS developers offer a full service to the operators, for a large share of the ransom paid out, according to Ropek.
When the ransomware is planted and activated, the target receives a message telling them how much to pay to get their data unencrypted.
That ransom can run from thousands to millions of dollars, usually depending on the financial strength of the target.
MENAFN20022024000063011010ID1107876616
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.