International Law Enforcement Operation Arrests Members Of The Lockbit Ransomware Gang

Illustration of US Justice Department (photo: x @TheJusticeDept)

JAKARTA In an international law enforcement operation led by the UK's National Crime Agency (NCA) and the FBI, members of the Lockbit ransomware gang have been arrested and charged. This is an unprecedented police operation that has attacked one of the world's most famous cyber crime gangs.

On Tuesday, February 20, the United States Department of Justice announced charges against two Russian nationals over the use of the Lockbit ransomware against companies and groups around the world.

The indictment was announced when the NCA, the United States Department of Justice, the FBI, and Europol gathered in London to announce interference with the gang, which has targeted more than 2,000 victims worldwide, and received more than $120 million in ransom payments, and demanded hundreds of millions of dollars.

The UK's Cyber National Crime Agency, with the United States Department of Justice (DOJ), the FBI, and other law enforcement, is taking control of the website used by Lockbit in a rare international operation.

"We have taken over their infrastructure, confiscated their source code, and obtained a key that will help victims decrypt their system," Graeme Biggar, director-general of the National Crime Agency, told reporters.

Law enforcement operations, named "Operation Cronos", are international coalitions from 10 countries, he said. "Together, we have arrested, charged, or sanctioned several perpetrators and we have gained unprecedented and comprehensive access to the Lockbit system".

"Today, Lockbit is effectively irrelevant," he added. 'Lockbit has been locked'.

The indictment, disclosed in New Jersey, accuses Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, of using Lockbit ransomware to target victims in manufacturing, logistics, insurance, and other companies in five states and Puerto Rico, as well as in the semiconductor industry and others around the world.

"An additional criminal act against Kondratyev was disclosed on Tuesday, February 20, regarding its use of ransomware in 2020 against a victim in California," the Justice Department said.

"In addition to the indictments in the US, police in Poland and Ukraine also made two arrests," Jean-Philippe Lecouffe, Deputy Executive Director of Operations Europol, told reporters. A large amount of unprecedented data was collected from this investigation and is now in the hands of law enforcement."

Lockbit and its affiliates have hacked several of the world's largest organizations in recent months. The gang made money by stealing sensitive data and threatening to leak it if the victim did not pay the ransom. Their affiliate is a crime group that is in line with the thoughts recruited by Lockbit to carry out attacks using their digital extortion tools.

Ransomware is a malicious software that encrypts data. Lockbit generates money by forcing its target to pay the ransom to decrypt or unlock the data with a digital key.

Before its website was shut down, the Lockbit website featured an increasing number of victims' galleries updated almost daily. Beside their names is a digital clock that shows the number of days remaining until the time limit given to each organization to provide ransom payments.

On Tuesday, Lockbit's leak website was changed by NCA, FBI, and Europol to a leak site about the criminal gang itself, where international police agents published internal data from within the group, and a threatening countdown clock to uncover future sanctions and Lockbit's leader's identity, Lockbit Supp.

A Lockbit representative did not respond to a message from Reuters seeking comment but posting a message in an encrypted messaging app saying they had a backup server that was not affected by law enforcement actions.