The law locks out LockBit hackers

A shadowy international syndicate of cybercriminals just got a taste of its own medicine. 

What happened: Authorities have seized control of the notorious ransomware gang LockBit’s web infrastructure after a successful operation led by the U.K.'s National Crime Agency. Law enforcement agencies from around the world, including Canada, contributed to the takedown.

  • Authorities shut down the group’s website and seized ~11,000 domain names and servers, along with ~1,000 decryption tools that could be used to help LockBit victims.

  • The operations also resulted in the arrest of two allegedly high-ranking members and the collection of a “wealth of data” that authorities believe will help bring about future arrests. 

Catch-up: LockBit has grown to startling heights thanks to its sterling business model. The gang mastered the idea of “ransomware-as-a-service,” renting out its high-end malware technology to a loose group of hackers and then taking a ~20% cut of any ransoms they get.

Why it matters: The world’s most prominent ransomware gang is now effectively out of business, having been locked out of its own systems. This is a massive W for the fight against cybercrime and should lead to a collective sigh of relief for companies worldwide. 

  • Since 2019, LockBit’s scores of members and affiliates have extorted millions from targets, leaked rafts of sensitive information, and even disrupted the operations of everything from the U.K.’s Royal Mail to clerical services in Fulton County, Georgia.

In Canada: LockBit was responsible for 22% of all attributed ransomware attacks in Canada in 2022 and has been tied to several high-profile debilitating attacks — like hacks against Indigo, The Weather Network, and SickKids hospital (though it did apologize for that one).

Yes, but: Much like Adam Neumann’s ability to get funding, ransomware gangs don’t die easily. They are infamous for simply rebranding and getting back to hacking. 

Zoom out: At the very least, this seizure — and other recent ones like it — should cause widespread disruption and a temporary slowdown in ransomware attacks. The effects could become more significant if authorities can detain more LockBit members and affiliates.—QH