Lockbit, an infamous cybercriminal organization that holds victims' data for ransom, has been thwarted in an unprecedented international law enforcement operation, the organization and U.S. and British authorities said Monday.
The operation was run by a coalition of Britain's National Crime Agency, the US Federal Bureau of Investigation, Europol and international police agencies, according to a post on the gang's extortion website.
“This site is currently under the control of the UK National Crime Agency, working closely with the FBI and the international law enforcement force Operation Chronos,” the post said.
A spokesperson for the NCA and a spokesperson for the US Department of Justice acknowledged that authorities had disrupted the gang and said the operation was “ongoing and evolving.”
U.S. authorities say Lockbit has attacked more than 1,700 organizations in nearly every industry, from financial services and food to schools, transportation, and government departments, and call the group the world's largest ransomware threat.
A representative for Lockbit did not respond to messages seeking comment, but posted a message on an encrypted messaging app saying it has backup servers that are immune to law enforcement action.
The FBI did not respond to requests for comment.
The post also names other international police organizations in France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany.
“Ransomware Walmart”
Lockbit and its affiliates have hacked some of the world's largest organizations in recent months. The gang makes money by stealing sensitive data and threatening to leak it unless victims pay exorbitant ransoms. Its affiliates are like-minded criminal groups that Lockbit recruits to carry out attacks using its digital extortion tools.
Ransomware is malicious software that encrypts data. Lockbit makes money by forcing targets to pay a ransom to have their data decrypted, or unlocked, with a digital key.
Lockbit was discovered in 2020 when the eponymous malicious software was found on a Russian-language cybercrime forum, and some security analysts believe the gang is based in Russia.
However, the gang has not professed support for any government, nor has any government formally attributed it to a nation-state. “We are based in the Netherlands, completely apolitical and only interested in money,” the group said on its now-defunct dark web site.
“They're the Walmart of ransomware groups, and they run it like a business. That's what makes them different,” said John DiMaggio, chief security strategist at US-based cybersecurity firm Analyst1. “They are probably the largest ransomware group today.”
Last November, Lockbit released internal data from Boeing, one of the world's largest defense and space contractors. In early 2023, the UK's Royal Mail faced severe disruption following an attack by the group.
According to cybersecurity research website vx-underground, Lockbit said in a Russian-language statement shared on the encrypted messaging app Tox that the FBI attacked a server running the programming language PHP. The statement, which could not be independently verified, added that there were backup servers that did not run PHP and were “untouched.”
On X, formerly known as Twitter, vx-underground shared a screenshot showing that the control panel used by Lockbit affiliates to launch attacks had been replaced with a message from law enforcement. “There was extortion of money, data theft, chats and many other things.”
“We may contact you soon,” it added. “Have a nice day.”
Prior to its removal, Lockbit's website displayed an ever-growing gallery of victim organizations that was updated almost daily. Next to their names was a digital clock indicating the number of days left until the ransom payment deadline given to each organization.
A similar countdown appeared on Lockbit's site on Monday, but this one came from the law enforcement agencies behind the operation: “For more information, please return here on Tuesday, February 20th at 11:30 GMT,” the post said.
Don Smith, vice president of Secureworks, a division of Dell Technologies, said Lockbit is the most prolific and dominant ransomware operator in the competitive underground market.
“To put today’s takedowns in perspective, based on data from leaked sites, Lockbit had a 25% share of the ransomware market. Their closest rival is Blackcat with about 8.5%, and after that, the fragmentation really starts,” Smith said. “Lockbit is dwarfing all other groups, and today's action is critical.” — James Pearson, Christopher Bing, Karen Freifeld, (c) 2024 Reuters