11-nation army led by UK eliminates ransomware-for-hire scrotes’ servers.
The UK’s National Crime Agency has broken the LockBit gang. With help from the U.S., Canada, Australia, Finland, France, Germany, Japan, Netherlands, Sweden and Switzerland, the Russian ransomware-as-a-service infrastructure is no more.
Those plucky Brits got the scrotes’ data, too. In today’s SB Blogwatch, we break out the warm beer with some delicious fish and chips.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Epic quests.
🇬🇧 RaaS Nicked 🇺🇸🇨🇦🇦🇺🇫🇮🇫🇷🇩🇪🇯🇵🇳🇱🇸🇪🇨🇭
What’s the craic? Sergiu Gatlan reports—“LockBit ransomware disrupted by global police operation”:
“PHP exploit”
Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as “Operation Cronos.” According to a banner displayed on LockBit’s … website, the site is now under the control of the National Crime Agency of the United Kingdom.
…
While Lockbit’s leak site is no longer accessible, showing the seizure banner, … some of the gang’s other dark web sites (including other sites used to host data and send private messages to the gang) are still up. … LockBit’s ransom negotiation sites are down but do not currently display a seizure message. … Police have also taken down LockBit’s affiliate panel and added a message saying LockBit source code, chats, and victim information were also seized.
…
The LockBit operation is run by a threat actor known as LockBitSupp, who communicates over the Tox messaging service. His account status [says law enforcement] breached the ransomware operation’s servers using a PHP exploit.
Jolly good. Top hole, you Brits. Auntie Beeb’s Gordon Corera adds—“Hacker group’s site taken over”:
“Based in Russia”
The operation was conducted by Britain’s National Crime Agency, the US Federal Bureau of Investigation, Europol and a coalition of international police agencies. … The UK’s National Cyber Security Centre (NCSC) has previously issued a warning about the “enduring threat” posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand.
…
LockBit was first discovered in 2020 … when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia. [It] sells services which allow people to compromise computer networks and hold their data until a ransom is paid. … The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom.
Horse’s mouth? UK NCA calls LockBit the world’s most harmful cyber crime group”:
“Recover encrypted data”
LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery.
…
The Agency has also obtained the LockBit platform’s source code and a vast amount of intelligence from their systems about their activities and those who have worked with them and used their services to harm organisations throughout the world. Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised.
…
[We] are in a position to assist LockBit victims. The Agency has obtained over 1,000 decryption keys and will be contacting UK-based victims in the coming days and weeks to offer support and help them recover encrypted data. FBI and Europol will be supporting victims elsewhere.
ELI5? u/Yeseylon explains—like we’re five:
Bad guys who lock up computers and demand a ransom just got their stuff hacked by government orgs.
Congratulations in order? Yes, thinks FrogsAndChips:
Well done, lads! Now let’s hope this will not stop at servers and files, but that some heads will soon fall too!
What next? More of the same, because Whac-A-Mole. Here’s gweihir:
It needs to be made illegal to pay ransom. Maybe then those with IT security that sucks will wake up and fix their act. Yes, drastic, but apparently law enforcement is incapable of getting the perpetrators and this **** has to stop.
But at least there have been more arrests. Wellyboot hopes against hope:
Removing lowlife from the freedom to stand up a replacement will merit a bonus.
And u/TheNozzler agrees:
I don’t imagine they got everything, but it’s nice to see offensive action against the criminal ransomware gangs.
Meanwhile, what of this PHP exploit? Last word goes to @SwiftOnSecurity:
Even ransomware ****s can’t keep on top of patches for exploits they use. We have built a world of glass cannons.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Recent Articles By Author
