US and UK Law Enforcement Agencies Jointly Disrupt LockBit Ransomware Group

The U.S. Department of Justice (DoJ) working in cooperation with the Federal Bureau of Investigation (FBI), the U.K. National Crime Agency’s (NCA) Cyber Division and other international law enforcement partners in London announced the disruption of the LockBit ransomware group, which is one of the most active ransomware groups in the world.

So far, the group has targeted over 2,000 victims, received more than US$ 120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.

Law enforcement agencies took down multiple public-facing websites utilized by LockBit to access the organization's infrastructure and assumed control of servers utilized by LockBit administrators.

This action disrupted LockBit actors' capability to launch attacks, encrypt networks, and extort victims through threats of publishing stolen data, the U.S. Department of Justice said.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation and we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data. LockBit is not the first ransomware variant the Justice Department and its international partners have dismantled. It will not be the last,” said Attorney General Merrick B. Garland.

The LockBit ransomware variant emerged around January 2020 and, up to the present operation, has evolved into one of the most prolific and damaging variants globally.