Lockbit, the world’s “most harmless” hacker group, was hit hard by an international police operation

It is one of the most active ransomware groups in the world. First seen in 2019, the Russian-speaking hacker group Lockbit collected a total of nearly $91 million in ransoms. Its headquarters were demolished by law enforcement on February 19 during Operation Kronos, an invasion led by 11 countries, including France. “This site is now under the control of law enforcement”A message on the home page indicates that the British Agency for Combating Organized Crime (NCA) has taken over with the help of agencies from several countries, including Europol, the American FBI and the National Cyber ​​Unit. National Gendarmerie.

It was specifically on this site that the hackers displayed the names of the victims, disclosed the ransom amount and published the stolen data. In France, the group notably targeted the Corbel-Essonnes hospital in 2022, demanding $1 million not to publish its sensitive information. Among other victims: La Poste Mobile, a branch of the Loiret department or Thales group, heads to kill him.

“The most active and destructive” group

A hacker specializes in group attacks “Ransomware” (Rainware). It infiltrates systems, encrypts and blocks data to demand a ransom for its non-disclosure. If the victim does not pay the required amount, all the files are put online or resold. In November 2022, the US Department of Justice described Lockbit ransomware “More active and more destructive types in the world”. In France, this group was the origin of 27% of ransom demands in 2022 and 2023, and the National Information Systems Security Agency (Anssi) processed 69 hacks attributed to it.

Also readCybersecurity: Record year for ransomware, haunting global companies

These hackers are used to targeting critical infrastructure and large industrial groups with ransom demands ranging from 5 to 70 million euros. Abroad, Lockbit has also specifically targeted the Royal Mail (British Post Office), German automobile supplier Continental, the California Administration and the American chain sandwich, Subway, in 2023.

Other sites remain active

Be careful, however, not to declare victory too quickly: On X (formerly Twitter), malware experts vx-underground note that “Law enforcement has reportedly seized or destroyed at least 22 sites linked to Lockbit”. Note that even if their main site is offline, Lockbit ransomware may continue to operate and other subsidiary sites remain accessible.

Also readDark Web, Encrypted Networks and Ransomware: Diving into the Dark World of Cybercriminal Trackers

Many hacker groups are alleged “broken down” In recent years and quickly reappeared. When one head is cut off, the other quickly grows back. Especially since some of these pirates often live in Russia and are therefore safe from police forces looking for them. Others are hackers “Affiliates”, independent, who use the Lockbit software by paying them a percentage of the ransom they receive. So it is more difficult to identify them.

Media spotlights, sting operations and LockBeat have made it the notoriety it has in the world of cybercrime today. “Transformed into a real crime enterprise, its operators, hackers who rent software, trade and communication services”

, like other groups, elaborated by special means Numerama. In a joint memo, the cybercrime agencies noted that Lockbit was responsible for 16% to 27% of ransom demands, depending on the country.