The US State Department announced this week of rewards totaling up to $15 million to incentivize individuals to come forward with vital information crucial to the capture and prosecution of those involved in perpetrating LockBit ransomware variant attacks and to help identify the key leaders of the LockBit ransomware group.
LockBit, a notorious Russia-based ransomware syndicate, has been operating since 2019, leveraging its eponymous ransomware variant to unleash havoc across the digital landscape.
Employing a nefarious Ransomware-as-a-Service (RaaS) model, LockBit rents out its malicious software to cybercriminal affiliates, who, in turn, execute attacks on targeted entities. This arrangement ensures a steady stream of income for the group, as they take a percentage cut from the ransoms extorted.
The U.S. State Department highlighted that since January 2020, the group has orchestrated over 2,000 attacks, with victims spanning not only the United States but also various countries worldwide. These attacks have resulted in significant disruptions to operations and, in many cases, the outright destruction or theft of sensitive information. Shockingly, victims have shelled out more than $144 million in ransom payments to mitigate the fallout from LockBit ransomware incidents.
Ransomware operations like LockBit represent a grave threat to global cybersecurity. By infiltrating systems, encrypting data, and holding it hostage for financial gain, these criminal enterprises wreak havoc on businesses and organizations of all sizes. The RaaS model, in particular, has proven highly lucrative for Russian cybercrime syndicates, which operate with relative impunity due to the challenges of cross-border law enforcement.
Two individuals affiliated with LockBit have been designated pursuant to Executive Order 13694, signaling a clear message that those involved in ransomware attacks will face consequences for their actions. This designation underscores the commitment of the U.S. government to hold accountable those who seek to undermine our economies and critical infrastructure through cybercrime.
International Collaboration Against LockBit Ransomware Network
In a concerted effort to combat this menace, the Department of Justice, in collaboration with the Federal Bureau of Investigation and international partners such as the United Kingdom’s National Crime Agency (NCA), has announced a series of coordinated law enforcement actions aimed at dismantling the LockBit ransomware network.
Earlier in the week the NCA revealed details of an international disruption campaign targeting LockBit, after infiltrating the group’s network, the NCA has taken control of LockBit’s services, compromising their entire criminal enterprise.
The collaborative operation was unveiled through a post on LockBit's official website, stating: “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement taskforce Operation Cronos.”
In tandem with these enforcement actions, the U.S. government continues to emphasize the importance of collaboration and information sharing among international partners in the fight against cyber threats.
