Current:Home > NewsNotorious ransomware provider LockBit taken over by law enforcement-LoTradeCoin
Notorious ransomware provider LockBit taken over by law enforcement
View Date:2024-12-24 07:29:56
Washington — A ransomware service provider that has targeted over 2,000 systems across the globe, including hospitals in the U.S., with demands for hundreds of millions of dollars was taken down Monday, and Russian nationals were charged as part of an international plot to deploy the malicious software, the Justice Department announced Tuesday.
Known as LockBit, the network of cybercriminals targets critical components of manufacturing, healthcare and logistics across the globe, offering its services to hackers who deploy its malware into vulnerable systems and hold them hostage until a ransom is paid. The attackers have so far extorted more than $120 million from their victims, officials said, and their program has evolved into one of the most notorious and active.
As part of this week's operation, the FBI and its law enforcement partners in the United Kingdom seized numerous public-facing platforms where cybercriminals could initiate contact with and join LockBit. Investigators also seized two servers in the U.S. that were used to transfer stolen victim data.
The front page of LockBit's site has been replaced with the words "this site is now under control of law enforcement," alongside the flags of the U.K., the U.S. and several other nations, the Associated Press noted.
According to Attorney General Merrick Garland, the U.S. and its allies went "a step further" by obtaining the "keys" that can unlock attacked computer systems to help victims "regain access to their data," releasing them from having to pay a ransom. The move could help hundreds of victims worldwide.
Two Russian nationals who allegedly used LockBit's ransomware against companies across the U.S. — in Oregon, New York, Florida and Puerto Rico — were also indicted in New Jersey as part of the Justice Department's latest play against the group.
Artur Sungatov and Ivan Kondratyev joined a growing number of defendants accused by federal prosecutors of attacking American institutions as part of the LockBit scheme. A total of five have now been charged, including an individual who allegedly targeted Washington, D.C.'s police force.
LockBit was the most commonly used version of ransomware in 2022, according to a joint cybersecurity advisory published by the FBI and the Cybersecurity and Infrastructure Security Agency last year, and targeted an "array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation."
The LockBit network was first seen on Russian-speaking cybercrime platforms in 2020 and continued to evolve and grow, targeting computer platforms and various operating systems. By 2022, 16% of ransomware attacks in the U.S. were deployed by the LockBit group, according to the advisory.
Criminals conventionally gain access to vulnerable systems through phishing emails or when users visit an infected site while browsing the internet. And U.S. officials consistently warn users to avoid paying ransoms and instead contact law enforcement.
Federal investigators have recently developed a new approach to combat ransomware attacks that can be both costly to victims and damaging to the normal functioning of society: arming victims with the tools necessary to counter a malware attack.
Similar to the LockBit operation, in July 2022, the FBI toppled an international ransomware group called Hive and collected decryption keys for its penetrated computer networks it had breached to conduct what officials called a "21st-century high-tech cyber stakeout." FBI agents then distributed the keys to the victims whose networks were being ransomed.
And in August, investigators took down a criminal network known as the Qakbot botnet — a grouping of computers infected by a malware program that was used to carry out cyberattacks. Law enforcement gained access to the QakBot infrastructure and "redirected" the cyber activity to servers controlled by U.S. investigators, who were then able to inject the malware with a program that released the victim computer from the botnet, freeing it of the malicious host.
Victims of LockBit attacks are encouraged to contact the FBI for further assistance.
- In:
- Cyberattack
- Ransomware
- Malware
Robert Legare is a CBS News multiplatform reporter and producer covering the Justice Department, federal courts and investigations. He was previously an associate producer for the "CBS Evening News with Norah O'Donnell."
veryGood! (8)
Related
- Jenn Tran's Ex Devin Strader Throws Shade At Her DWTS Partner Sasha Farber Amid Romance Rumors
- Is the Controlled Shrinking of Economies a Better Bet to Slow Climate Change Than Unproven Technologies?
- Looking to Reduce Emissions, Apparel Makers Turn to Their Factories in the Developing World
- New York Embarks on a Massive Climate Resiliency Project to Protect Manhattan’s Lower East Side From Sea Level Rise
- Democratic state leaders prepare for a tougher time countering Trump in his second term
- You'll Unconditionally Love Katy Perry's Latest Hair Transformation
- The TVA’s Slower Pace Toward Renewable Energy Weakens Nashville’s Future
- Warming Trends: A Delay in Autumn Leaves, More Bad News for Corals and the Vicious Cycle of War and Eco-Destruction
- Travis Kelce's and Patrick Mahomes' Kansas City Houses Burglarized
- A power outage at a JFK Airport terminal disrupts flights
Ranking
- Where is 'College GameDay' for Week 12? Location, what to know for ESPN show
- Olympic Swimmer Ryan Lochte and Wife Kayla Welcome Baby No. 3
- In a Stark Letter, and In Person, Researchers Urge World Leaders at COP26 to Finally Act on Science
- US Blocks Illegal Imports of Climate Damaging Refrigerants With New Rules
- Mega Millions winning numbers for November 12 drawing: Jackpot rises to $361 million
- Fossil Fuel Companies Took Billions in U.S. Coronavirus Relief Funds but Still Cut Nearly 60,000 Jobs
- House approves NDAA in near-party-line vote with Republican changes on social issues
- Amazon Shoppers Love This Very Cute & Comfortable Ruffled Top for the Summer
Recommendation
-
Taylor Swift drops Christmas merchandise collection, including for 'Tortured Poets' era
-
Does Another Plastics Plant in Louisiana’s ‘Cancer Alley’ Make Sense? A New Report Says No
-
Russia increasing unprofessional activity against U.S. forces in Syria
-
Transcript: National Security Adviser Jake Sullivan on Face the Nation, July 16, 2023
-
Up to 20 human skulls found in man's discarded bags, home in New Mexico
-
Dylan Lyons, a 24-year-old TV journalist, was killed while reporting on a shooting
-
Nearly $50,000 a week for a cancer drug? A man worries about bankrupting his family
-
One-third of Americans under heat alerts as extreme temperatures spread from Southwest to California