In a major win for UK law enforcement, Britain has led an international operation to disrupt what is thought to be one of the world’s most prolific cybercrime gangs.
LockBit, a notorious, Russian-based criminal ransomware group, has been locked out of its own website. The hackers have been hacked.
LockBit’s website is now overlaid with a message saying it is under the control of the UK’s National Crime Agency, which is “working in close cooperation with the FBI and the international law enforcement task force, Operation Cronos”.
Ciaran Martin, former head of the UK’s National Cyber Security Centre, has labelled the operation – which has been underway covertly for some time – “one of the most consequential disruptions ever undertaken against one of the giants of ransomware, and certainly by far the biggest ever led by British police.”
LockBit burst onto the scene four years ago and has done tremendous harm, targeting thousands of victims around the world, including at least 200 in the UK, and causing losses totalling billions of pounds, dollars and euros in ransom payments.
It is now considered the biggest player in ransomware. The National Crime Agency estimates that the group was responsible for 25 per cent of ransomware attacks over the last year. Among its high-profile targets is the Royal Mail, which was hit by a cyber attack in January 2023, disrupting international deliveries.
Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them. LockBit develops ransomware and sells it to other hackers to allow them to carry out their own cyber attacks on computer networks.
Ransomware is considered one of the biggest cyber threats facing countries worldwide. And ransomware gangs run highly sophisticated operations. In February 2022, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, another Russian-affiliated ransomware group. These chats revealed that Conti had more than 100 employees on its payroll, numerous departments each with its own budget, and an HR department that constantly interviewed potential new hires.
Law enforcement has now gained access to LockBit’s internal data, which will provide a unique insight into the true scale of the group’s work, including a more extensive list of its victims and the amount of money extorted.
While the National Cyber Security Centre urges organisations not to pay ransoms if they are targeted, some don’t admit they’ve been hacked and simply cough up.
Which is understandable given the havoc wreaked upon those who refuse to be intimidated.
Back in October, the British Library was crippled by a major cyber-attack that shut down many of its services for months on end after it refused to pay a £600,000 ransom to Rhysida, another notorious Russian-affiliated hacker gang.
Rhysida works differently to LockBit: it is a ransomware-as-a-service group, meaning anyone can contract it to target a victim of their choosing. The FT estimates that its attack will cost the British Library up to £7m. It’s thought that this particular high-profile sabotage was a showcase operation – the group’s advert to potential clients that it is capable of taking down such a big institution.
This same logic explains why today’s law enforcement operation matters. The aim is to undermine LockBit’s credibility and scare off other criminals who would have been tempted to pay to use its services.
Admittedly, such groups tend to re-emerge after shutdowns in some form. Yet disruption is one of a limited number of ways to target these criminal gangs given that so many of them are based in Russia, beyond the reach of law enforcement for arrest.
Even more importantly, Britain needs to improve its cyber-defences. Experts warn that the government’s lack of investment in cybersecurity has turned the country into an open goal for malicious actors.