United States, U.K. take down international LockBit ransomware group

The U.S. Department of Justice (DOJ) recently announced that, together with the United Kingdom, it had successfully disrupted the LockBit ransomware group, seizing its infrastructure and developing decryption capabilities for its software.

The group has reportedly targeted more than 2,000 victims and taken in more than $120 million in ransom payments, while issuing ransoms for millions more. Law enforcement from both sides of the ocean hit LockBit’s operations by seizing public-facing websites and servers used by its administrators. The U.S. subsequently indicted two Russian nationals affiliated with the group for attacks against multiple U.S. and international victims.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world,” Attorney General Merrick Garland, said. “Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation. And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data. LockBit is not the first ransomware variant the Justice Department and its international partners have dismantled. It will not be the last.”

The LockBit ransomware variant first appeared around January 2020.

LockBit the group worked by attacking and encrypting networks, then extorting victims by threatening to publish stolen data online. The U.K. National Crime Agency’s (NCA), together with the FBI and international law enforcement partners, also reportedly developed decryption capabilities to allow victims worldwide to restore systems encrypted by the LockBit ransomware variant. Victims can contact the FBI for details at: https://lockbitvictims.ic3.gov/.

“Today’s actions are another down payment on our pledge to continue dismantling the ecosystem fueling cybercrime by prioritizing disruptions and placing victims first,” Deputy Attorney General Lisa Monaco said. “Using all our authorities and working alongside partners in the United Kingdom and around the world, we have now destroyed the online backbone of the LockBit group, one of the world’s most prolific ransomware gangs. But our work does not stop here: together with our partners, we are turning the tables on LockBit — providing decryption keys, unlocking victim data, and pursuing LockBit’s criminal affiliates around the globe.”

Charges against the Russian nationals – Artur Sungatov and Ivan Kondratyev – were filed in the District of New Jersey and the Northern District of California, respectively. Search warrants were also unsealed by the District of New Jersey that authorized the FBI to disrupt multiple U.S.-based servers used by LockBit members.