.png)
This operation is considered one of the most serious disruptions in the cybercrime world. The long-running operation also involved the FBI, Europol and other countries, but is the first of its kind to be led by the UK.
Criminals use Lockbit to break into companies' and organizations' computers and lock users out until a ransom is paid. They often steal data and threaten to release it.This group emerged around 2019 year and established themselves as a dominant player. By some estimates, it accounts for around 20-25% of the ransomware market.
Lockbit's most notable targets include Royal Mail, which was attacked in January 2023 and disrupted international shipping. Last November, the Industrial and Commercial Bank of China (ICBC) was also severely affected financially. Other companies affected include NHS suppliers, law firm Allen & Overy and aerospace group Boeing, according to reports.The operation has been running in secret for some time, with law enforcement gathering data and moving into a more public phase Monday night.
NCA technical experts infiltrated Rockbit's own systems and assumed control. In doing so, they managed to steal much of the data about the criminal group's own activities.This data may also provide unique insight into the true extent of the group's activities, as many companies have not acknowledged being hacked and in some cases have paid the ransom.As they moved into the more public phase of the operation, law enforcement publicized their infiltration.
They took control of a site on the dark web where Rockbit advertised its activities, replacing it with the emblems of various law enforcement agencies and the message "This site is under the control of the UK National Crime Agency." We work closely with the FBI and the international law enforcement force Operation Chronos.
At a press conference on Tuesday morning, NCA Director General Graham Biggar said he estimated the group was responsible for 25% of ransomware attacks last year.
He said the incident had caused billions of dollars in damages. He said there were thousands of victims around the world, including 200 known in the UK, but added that there may have been many more.Lockbit sells criminal services and acts as a one-stop shop for customers called affiliates.These affiliates are paid to perform hacking activities and receive both malware and advice.
However, after law enforcement action, partners attempting to log into the site will receive a separate message explaining that Rockbit's internal data, including victim information and extorted amounts, has fallen into the hands of law enforcement. message was displayed.
There have been so-called "takedowns" in the past, but often criminal groups resurfaced shortly after your online operations were disrupted by law enforcementBut in this case, the people behind the operation hopes to gain greater influence by undermining the group's credibility and attacking its reputation. This group relies heavily on branding. They even got paid to tattoo Rockbit branding on people's bodies.
The goal is to sow mistrust by letting partners know that law enforcement has their data, and to make other criminals believe that they and those running Rockbit Be aware that fear of law enforcement is a risk when working with partners in the future.Officials directly involved in the operation said they believed the UK would be significantly safer from cyberattacks in the short and medium term, describing the move as a "step change" in the response to cybercrime. ing.
.png&description=The UK has launched an operation to dismantle what is believed to be the world's largest criminal ransomware group.){kind=link}
0 Comments