The U.S. Department of Justice, the U.K. National Crime Agency’s Cyber Division, the Federal Bureau of Investigation and other international law enforcement partners announced Tuesday in London that they have made a significant dent in the activities of one of the world’s most active ransomware groups worldwide.
WHY IT MATTERS
LockBit has according to a rack from the DOJ. But a team of federal and international agencies is “taking the keys” to LockBit’s operation, Attorney General Merrick Garland added.
Law enforcement agencies have also developed decryption capabilities that the DOJ says could allow hundreds of victims around the world to restore systems encrypted with the LockBit ransomware variant. The FBI asks victims to do this please contact the agency and start the process.
Additionally, the DOJ said it has opened charges in New Jersey and California against Russian nationals Artur Sungatov and Ivan Kondratyev, aka Bassterlord, for deploying LockBit against numerous victims in the United States.
Related search warrants revealed multiple U.S.-based servers used by LockBit members, including those running “StealBit” — a platform LockBit administrators use to organize and transfer victim data, the agency said.
U.S. Attorney Philip Sellinger for the District of New Jersey noted in the statement that the investigation will continue to identify and charge all of LockBit’s membership, from “developers and administrators to its subsidiaries.”
“Today’s indictment, announced as part of a globally coordinated action against the world’s most active ransomware group, brings the total number of LockBit members charged by my office and our partners at the FBI and Computer Crime and Intellectual Property Section for their crimes out of five. ” he said.
“We will put them in the spotlight as wanted criminals. They will no longer hide in the shadows.”
“LockBit is not the first ransomware variant that the Department of Justice and its international partners have dismantled,” Garland added.
“It won’t be the last.”
THE BIG TREND
It’s been a year since the LockBit ransomware group issued a bizarre apology for its attack on Toronto-based SickKids and offered a decryptor key.
But over the years, LockBit has attacked many healthcare organizations, which were then forced to divert patients and suffer weeks of stealing patients’ protected health information and adding it to ransomware leak sites to demand ransoms or sell the PHI as the healthcare systems do not comply with the rules. .
ON THE RECORD
“Today’s actions are another down payment on our commitment to continue dismantling the ecosystem that fuels cybercrime by prioritizing disruption and putting victims first,” said Deputy Attorney General Lisa Monaco in a statement. “Our work doesn’t stop here: together with our partners, we’re turning the tables on LockBit: providing decryption keys, unlocking victim data, and pursuing LockBit’s criminal partners around the world.”
“This operation demonstrates both our ability and our commitment to defend our nation’s cybersecurity and national security against any malicious actor seeking to impact our way of life,” FBI Director Christopher Wray said in the announcement. “We will continue to work with our domestic and international allies to identify, disrupt and deter cyber threats, and hold perpetrators accountable,” he pledged.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.