In a major international cybercrime crackdown, U.S. and U.K. law enforcement agencies have dismantled operations of the notorious LockBit ransomware group, notoriously known for its onslaught on over 2,000 victims worldwide—a move that's seen as a significant blow to one of the most active ransomware gangs. The Department of Justice said Tuesday that the collaborative effort included the U.K. National Crime Agency's Cyber Division, the Federal Bureau of Investigation (FBI), and various global partners. They seized the gang's websites and servers, putting a wrench in the works of their ability to threaten and extort their victims.
"For years, LockBit associates have repeatedly deployed these kinds of attacks again and again across the United States and worldwide. Today, U.S. and U.K. law enforcement are removing the keys to their criminal operation," proclaimed Attorney General Merrick B. Garland. "And we are going a step further – we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data," Garland added in a statement from the Department of Justice.
The partnership also heralds hope for hundreds of victims globally by developing decryption capabilities that may unlock systems affected by the LockBit variant. Deputy Attorney General Lisa Monaco stated, "Using all our authorities and working alongside partners in the United Kingdom and around the world, we have now destroyed the online backbone of the LockBit group, one of the world’s most prolific ransomware gangs." Affected parties are encouraged to contact the FBI for support with decryption.
The hammer of justice also struck two Russian nationals, Artur Sungatov, and Ivan Kondratyev—also known by his alias "Bassterlord"—with the unsealing of an indictment in the District of New Jersey. They stand accused of unleashing attacks in numerous states across the U.S. and countries around the globe, including targets in semiconductor and other industries. "We will put a spotlight on them as wanted criminals. They will no longer hide in the shadows," U.S. Attorney Philip R. Sellinger told the Department of Justice.
LockBit, first appearing around January 2020, rapidly evolved into one of the most prevalent and harmful ransomware variants. The joint operation saw contributions from global authorities, including France's Gendarmerie Nationale Cyberspace Command, Germany's various law enforcement agencies, and many others. Significantly, the Department of the Treasury's Office of Foreign Assets Control has designated Sungatov and Kondratyev for their cyberattack roles, aiming to dissuade future criminal undertakings. Victims seeking assistance can visit the FBI's dedicated website for further guidance.
