
Massive police move against hacking group claiming credit for Fulton County attack

Europol said two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities.

Participating agencies announced some details Tuesday, at 6:30 a.m. Atlanta time.

“It is difficult to say exactly how many victims of LockBit there are, but we estimate that in 2023 alone there were 1,000 victims just in the United States,” FBI Deputy Director Paul Abbate said in a short video posted on X, formerly Twitter. “The FBI is currently reaching out to each of the victims we know about to share possible decryption capabilities.”

Police agencies are offering decryption tools to victims such as Fulton County.

“In wider action coordinated by Europol, two LockBit actors have been arrested this morning in Poland and Ukraine, over 200 cryptocurrency accounts linked to the group have been frozen,” the NCA announced.

The attack on Fulton County crippled many systems, including hundreds of phone lines. County services were unavailable for several days, and many offices are still using offline work-arounds.

County Commission Chair Robb Pitts initially said there was no information that personal data had been compromised. But when the county acknowledged the hack was a ransomware attack, Pitts said personal data leaks were possible.

Hackers posted a countdown clock on LockBit’s site on the dark web, showing some county documents and threatening to post personal information if an unspecified ransom wasn’t paid. At the deadline that clock disappeared and nothing further was released.

County officials remained mum, but cybersecurity experts told The Atlanta Journal-Constitution it was likely the county’s cyberinsurance had paid off the hackers in cryptocurrency.

LockBit has targeted more than 2,000 victims worldwide, demanded hundreds of millions of dollars and gotten more than $120 million, according to a Tuesday news release from the FBI.

Federal authorities unsealed a New Jersey indictment Tuesday against two Russian nationals, Artur Sungatov and Ivan Kondratyev, charging them with using LockBit against numerous targets in the U.S. and worldwide. More charges against Kondratyev, AKA “Bassterlord,” were unsealed in California.

Sungatov is accused of using LockBit ransomware against “manufacturing, logistics, insurance, and other companies located in Minnesota, Indiana, Puerto Rico, Wisconsin, Florida, and New Mexico,” the FBI news release said.

Kondratyev is accused of doing the same against “municipal and private targets in Oregon, Puerto Rico, and New York, as well as additional targets located in Singapore, Taiwan, and Lebanon.” He’s also accused of targeting a California company in 2020.

“Both Sungatov and Kondratyev are alleged to have joined in the global LockBit conspiracy, also alleged to have included Russian nationals Mikhail Pavlovich Matveev and Mikhail Vasiliev, as well as other LockBit members, to develop and deploy LockBit ransomware and to extort payments from victim corporations,” the FBI announced.

Last May, indictments against Matveev and Vasiliev were unsealed in Washington, D.C., and New Jersey, for attacks on “numerous victims throughout the United States, including the Washington, D.C., Metropolitan Police Department.”

Matveev is on the run, with a reward of up to $10 million for information leading to his capture.

Vasiliev, a dual Russian-Canadian national, was charged in November 2022 with participation in the LockBit global ransomware campaign. He’s in Canadian custody awaiting extradition to the U.S., the FBI said.

In June, Russian national Ruslan Magomedovich Astamirov was charged in New Jersey with using LockBit against victims in Florida, Japan, France, and Kenya. He is in a U.S. jail awaiting trial, the FBI said.

LockBit’s tools to steal and encrypt data emerged from Russian-language hacking forums in 2020. By 2022 it had become the most widely used ransomware, according to police.

“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates,’ supplying them with the tools and infrastructure required to carry out attacks,” the NCA said.

Europol said LockBit would normally take one-quarter of the ransom that affiliated hackers collected.

“Taskforce Operation Cronos,” coordinated by Europol, included police from France, Germany, the Netherlands, Sweden, Switzerland and the UK, plus the U.S., Australia, Canada and Japan. Members also thanked agencies in Finland, Poland, New Zealand and Ukraine.

Europol announced the law enforcement action took down 34 computer servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.

Agencies will be sifting through the seized data to target LockBit’s leaders, developers and affiliates, according to Europol.

“The Agency has also obtained the LockBit platform’s source code and a vast amount of intelligence from their systems about their activities and those who have worked with them and used their services to harm organizations throughout the world,” the NCA said. But the agency acknowledged this action, though major, does not destroy LockBit. The group may reorganize, the NCA said.
