- Philippines challenges China over South China Sea at ASEAN meet
- Mets advance on Lindor blast, Dodgers stay alive in MLB playoffs
- Injury-ravaged Krygios aiming to return at Australian Open
- Greek international Baldock, dead at 31: family
- EU talks deportation hubs to stem migration
- Deaths and repression sideline Suu Kyi's party ahead of Myanmar vote
- S. Africa offers a lesson on how not to shut down a coal plant
- China opens $71 bn 'swap facility' to boost markets
- Mets advance on Lindor grand slam, Yankees and Tigers win
- Taiwan President Lai vows to 'resist annexation' of island
- China's solar goes from supremacy to oversupply
- Asian markets track Wall St record as Hong Kong, Shanghai stabilise
- 'Denying my potential': women at Japan's top university call out gender imbalance
- China's central bank says opens up $70.6 bn in liquidity to boost market
- Zelensky on whirlwind tour of Europe ahead of US vote
- Youth facing unprecedented wave of violence, UN envoy warns
- 'A casino in every kitchen': Brazil's online gambling craze
- Nobel chemistry winner sees engineered proteins solving tough problems
- Lindor powers Mets past Phillies into NL Championship Series
- Wildlife populations plunge 73% since 1970: WWF
- 'Sleeper agent' bots on X fuel US election misinformation, study says
- Death toll rises to 109 after Haiti gang attack, official says
- Tigers beat Guardians and on brink of advancing in MLB playoffs
- Argentina MPs back Milei's veto of university funding
- Man City sink Barca in Women's Champions League as Bayern outgun Arsenal
- Greek international Baldock, 31, found dead in pool: state agency
- Florida seaside haven a ghost town as hurricane nears
- Pharrell Williams to co-chair Met Gala exploring Black dandyism
- Wall Street indices hit fresh records as Chinese shares tumble
- Taiwan's president to deliver key speech for National Day
- Sea row on the menu as ASEAN leaders meet China's Li
- Injured Kane won't start England's Nations League clash with Greece
- Discord seen as online home for renegades
- US forecasts severe solar storm starting Thursday
- Mozambique starts tallying votes in tense election
- Zelensky moves to court European leaders in drive for military aid
- Ratan Tata: Indian mogul who built a global powerhouse
- Rodgers rejects 'false' suggestions of role in Saleh dismissal
- One dead as storm Kirk tears through Spain, Portugal, France
- Indian business titan Ratan Tata dead at 86
- Lebanon facing 'catastrophic' situation as 600,000 displaced: UN
- US warns Israel not to repeat Gaza destruction in Lebanon
- Musk's X returns in Brazil after 40-day showdown with judge
- Call her savvy? Harris unleashes unconventional media blitz
- Lucian Freud 'masterpiece' fetches £13.9 million at London sale
- SoFi Stadium to hold next two CONCACAF Nations League finals
- McIlroy and DeChambeau set for PGA-LIV 'Showdown' in Vegas
- Fed minutes highlight divisions over rate cut decision
- Steve McQueen debuts new WWII film at London festival
- Run blitz edges India and South Africa closer to World Cup semi-finals
'World's most harmful': What is the LockBit cybercrime gang?
An international law enforcement operation has taken down dozens of servers and disrupted LockBit, "the world's most harmful cyber crime group" according to British authorities.
LockBit and its affiliates caused billions of dollars in damage and extracted tens of millions in ransom from their victims. Their targets have included banks, mail services and even a children's hospital.
How does LockBit operate?
Rather than conduct an entire criminal operation itself, LockBit developed the malicious software -- "ransomware" -- that enables attackers to lock victims out of their computers and networks.
Victims were then told to pay ransom in cryptocurrency in exchange for regaining access to their data. Those who did not pay risked having their data dumped on the dark web.
The "LockBit" ransomware was first observed in 2020, and made money through up-front payments and subscription fees for the software, or from a cut of the ransom, according to the US Cybersecurity & Infrastructure Security Agency (CISA).
The model is known as "Ransomware as a Service", or RaaS.
LockBit usually conducted itself as a professional enterprise, seeking feedback from customers -- called "affiliates" -- and rolling out ransomware improvements.
"LockBit operates like a business. They run -- or ran -- a tight ship, which has enabled them to outlast many other ransomware operations," Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, told AFP.
LockBit is believed to have operated out of multiple locations, and cybersecurity experts say its members were Russian speakers.
How lucrative is ransomware?
In 2023, extortions by ransomware groups exceeded $1 billion in cryptocurrency for the first time, according to data published this month by blockchain firm Chainalysis.
LockBit has targeted more than 2,000 victims worldwide, receiving more than $120 million in ransom, the US Department of Justice said Tuesday.
These potentially huge payouts have emboldened cybercriminals.
"Awash with money, the ransomware ecosystem surged in 2023 and continued to evolve its tactics," the cybersecurity firm MalwareBytes said in a report published this month.
"The number of known attacks increased 68 percent, average ransom demands climbed precipitously, and the largest ransom demand of the year was a staggering $80 million."
That demand came after a LockBit attack severely disrupted Britain's post operator Royal Mail for weeks.
Who are LockBit's victims?
LockBit ransomware has been used against a wide variety of targets, from small businesses and individuals to huge corporations.
It was used "for more than twice as many attacks as its nearest competitor in 2023", according to MalwareBytes.
The group has gained notoriety and attention from law enforcement agencies after high-profile attacks such as the one on Royal Mail.
Last November, it was blamed for an attack on the US arm of the Industrial and Commercial Bank of China (ICBC) -- one of the biggest financial institutions in the world -- as well as US aerospace giant Boeing.
In 2022, a LockBit affiliate attacked the Hospital for Sick Children in Toronto, Canada, disrupting lab and imaging results. LockBit reportedly apologised for that attack.
"Although LockBit developers have created rules stipulating that their ransomware will not be used against critical infrastructure, it is clear that LockBit affiliates largely disregard these rules," Stacey Cook, an analyst at the cybersecurity firm Dragos, wrote in a report published last year.
"LockBit developers do not appear to be overly concerned with holding their affiliates accountable."
Who is fighting back, and how?
LockBit's growing visibility and its affiliates' increasing attacks meant law enforcement agencies ramped up their efforts to win this cat-and-mouse game.
An alliance of agencies from 10 nations, led by Britain's National Crime Agency, on Tuesday said they had disrupted LockBit at "every level" in an effort codenamed "Operation Cronos".
Europol said 34 servers in Europe, Australia, the United States and Britain were taken down and 200 Lockbit-linked cryptocurrency accounts were frozen.
The NCA said the action had compromised LockBit's "entire criminal enterprise".
"This likely spells the end of LockBit as a brand. The operation has been compromised and other cybercriminals will not want to do business with them," Emsisoft's Callow told AFP.
But in recent years, cybersecurity experts have detected ransomware groups that suspended operations following law enforcement action only to re-emerge under different names.
"Our work does not stop here. LockBit may seek to rebuild their criminal enterprise," NCA Director General Graeme Biggar said in a statement.
"However, we know who they are, and how they operate. We are tenacious and we will not stop in our efforts to target this group and anyone associated with them."
A.Jones--AMWN