US authorities have charged five Russian nationals after a global operation to take down an infamous cyber crime gang that holds victims’ data to ransom.
Lockbit has been disrupted by the National Crime Agency (NCA) and a coalition of international police agencies, including the FBI, who have taken control of the group’s extortion website.
The gang and its affiliates have hacked some of the world’s largest organisations, including Royal Mail, which faced severe disruption after an attack in early 2023.
Director general of the NCA Graeme Biggar announced an international law enforcement coalition of 10 countries has “hacked the hackers” and taken down a prolific ransomware site.
Speaking at a press conference in Westminster, he said Lockbit had been the most prolific ransomware group in the last four years and was behind 25% of attacks in the past year.
There are more than 200 victims in the UK and thousands internationally, with losses of billions of pounds in ransom payments and the cost of recovering data, with targets including major companies and public services including hospitals.
An attack in September last year saw sensitive military information leaked when private security firm Zaun was targeted.
Body found in River Thames in search for Clapham chemical attack suspect Abdul Ezedi
Nottingham attacker Valdo Calocane’s ‘unduly lenient’ sentence to be referred to Court of Appeal
Money latest: Santander hiking all mortgage rates for new customers tomorrow
Mr Biggar said Lockbit had no direct support from the Russian state, although cyber crime is tolerated in the country.
The US authorities have brought charges against five Russian nationals, two of whom are in custody – Mikhail Vasiliev, who is being held in Canada subject to extradition proceedings, and Ruslan Magomedovich Astamirov, who is in the US.
The remaining three – Artur Sungatov, Ivan Kondratyev and Mikhail Pavlovich Matveev – are still at large.
Be the first to get Breaking News
Install the Sky News app for free
Two people have been arrested in Poland and Ukraine and more than 200 cryptocurrency accounts believed to be linked to the group have been frozen.
A post on the group’s website on Monday said: “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.”
Europol and other international police organisations from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany all aided in the rare law enforcement operation.
NCA Deputy Director Paul Foster said the group operated a slick website with loyal customers and even ran a successful marketing campaign offering to pay $1000 to anyone who had a tattoo of the Lockbit logo.
He said that even less tech savvy cyber criminals were able to use the group’s digital extortion tools with a few simple clicks.
Mr Biggar said: “We have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.
“As of today, Lockbit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity.”