[ad_1]
Charlie Neibergall/AP
An FBI seal is seen on a wall in Omaha, Nebraska.
cnn
—
The FBI and its international allies have taken over a dark website that is the most prolific in the world ransomware gang has used to extort his victims, according to a message on the website seen by CNN.
It’s a blow to the short-term operations of a multinational ransomware gang known as BlockBitwhich has been a threat to organizations around the world, including healthcare providers in the US. Hackers took credit for a ransomware attack in November that forced New Jersey-based Capital Health , to cancel some patient appointments.
LockBit also claimed responsibility for the ransomware attacks by Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months.
“We can confirm that Lockbit services have been disrupted as a result of action by international authorities; this is an ongoing and developing operation,” reads a message posted on the hackers’ website on Monday, along with the stamps from the FBI, UK National Crime Agency (NCA) and a host of other law enforcement agencies from Australia to Germany.
An NCA spokesperson confirmed to CNN that a police operation against LockBit was underway, adding that the agency will publicly reveal more details on Tuesday.
An FBI spokesperson told CNN: “There will be a formal announcement and additional details to follow.”
Capturing a ransomware group’s dark website forces cybercriminals to set up new IT infrastructure to extort victims. It may also indicate deeper access by law enforcement into hackers’ networks. In another operation against a ransomware gang announced a year ago, the FBI said it had access to decryption software that saved victims about $130 million in ransom payments.
Analysts believe LockBit has members or criminal partners in Eastern Europe, Russia and China. Like other deep-pocketed ransomware groups, LockBit rents its ransomware to “affiliates,” who use the malicious code in attacks and then keep a portion of the ransom paid by victims.
LockBit represents a quarter of the ransomware market based on victim information that hackers have posted online, according to Don Smith, vice president of threat research. at the cybersecurity company Secureworks.
This operation is the latest step in a multi-year fight between the FBI and its allies around the world and ransomware gangs that are often based in Eastern Europe and Russia.
While there have been notable arrests and police seizures of ransom payments worth millions of dollars, the ransomware economy continues to thrive.
Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations around the world last year despite the US government’s efforts to cut off their money flows, cryptocurrency tracking firm Chainalysis estimated .
“It is highly unlikely that the core members of the LockBit group will be arrested as part of this operation as they are based in Russia,” Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told CNN.
Still, he said, the seizure of LockBit’s website by law enforcement “means there will be a significant, albeit short-lived, impact on the ransomware ecosystem and a slowdown in attacks,” Liska said.
“LockBit has also earned a reputation as one of the most ruthless ransomware operators, encouraging its affiliates to attack hospitals and schools,” he added. “My hope is that these sectors have a breathing space to build their defenses.”