NCA, FBI take down Russia-linked LockBit ransomware gang

A global cybercrime coalition has effectively dismantled the operational network of LockBit, a leading global ransomware syndicate. 

The operation captured the group’s “command and control” systems, marking a significant blow against LockBit’s criminal activities. The NCA, FBI, Europol, and a united front of law enforcement agencies worldwide were involved in the capture. 

In recent years, LockBit had been behind some of the biggest hacks and crypt-extortion, including the breach of Bangkok Airways, Accenture, and Canadian Government Services. In November, the group targeted Capital Health, which operated two major hospitals and several satellite and specialty clinics across the United States. 

The coalition took over LockBit’s own website and put up a disclaimer showing that it had been confiscated.

The crackdown led to the arrest of key LockBit figures in Poland and Ukraine, with additional charges brought against two alleged affiliates in the United States. Authorities have also identified two Russian nationals connected to the group who remain at large.

Efforts to disrupt LockBit’s financial operations have seen the freezing of over 200 cryptocurrency accounts associated with the network.

LockBit used to show a ransomware countdown timer on their website, displaying when they will leak their victim’s data. The NCA-led coalition mocked the criminal gang by repurposing their timers to schedule the release of their own information, potentially including the identity of its leader.

Lockbit would publish stolen information on their blog

Now it’s the NCA's turn https://t.co/Y4dNMufFQ4 pic.twitter.com/0388ThuvMA

— CertiK Alert (@CertiKAlert) February 20, 2024

Additionally, the U.S. DOJ has recently issued an indictment against Russian citizens Artur Sungatov and Ivan Kondratyev, accusing them of executing LockBit ransomware attacks on American targets, further intensifying the legal actions against the ransomware group.