Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

What we know about LockBit, the Russia-linked cyber crime gang targeting UK | #cybercrime | #infosec | #hacking | #aihp

The UK’s National Crime Agency (NCA) has successfully infiltrated the systems of a Russia-linked cyber crime group known as LockBit, taking control of the website it used to advertise its services.

LockBit has hit the UK with several high-profile attacks over the past few years, including one on the Royal Mail in January 2023 that caused severe disruption to overseas deliveries. The group demanded a £65m ransom in the process.

It also accessed Ministry of Defence papers before uploading them to the dark web, and attacked the company Advanced, which provides software to the NHS.

Though the FBI and Europe’s anti-crime agency Europol were involved in taking down LockBit, the UK’s NCA is thought to have led the operation.

What is LockBit?

LockBit, which is thought to have originated on Russian-speaking hacking forums in 2020, made its money via a type of software called “ransomware”.

When ransomware gets installed on your PC it locks down your data, this means you’ll either need to pay cybercriminals a fee to get the keys to access it, or worse, you’ll end up having to pay them to avoid leaking it online.

Ransomware remains one of the most common – and most profitable – types of cyber attacks worldwide. Cybersecurity firm Sophos estimates criminal groups in 2023 will net more than $1bn from their global activities.

What did the NCA do?

Five Russian nationals have so far been charged in connection with LockBit. An international task force, headed by the UK’s National Crime Agency (NCA)has arrested two people in Poland and Ukraine, and more than 200 cryptocurrency accounts, which the group used to allegedly launder stolen money, have been frozen.

How is LockBit linked to the Ukraine war?

While these types of high-profile cyberattacks stem from Russia, this doesn’t necessarily mean these groups are under the control of the Kremlin, at least directly.

“These incidents are certainly related to geopolitics, even if this is not a classical state-sponsored episode,” according to Elliott Wilkes, who has previously worked in cybersecurity at the White House, United Nations and UK Ministry of Defence.

Mr Wilkes noted that there was a significant drop in the number of cyber attacks flowing from Russia-speaking countries after the invasion of Ukraine.

He speculates that Russia would probably have recruited cybercriminals at the start of the war to work on important IT issues related to war, leading to groups like LockBit, which were just trying to make money, becoming understaffed.

However, the cybersecurity expert said these groups were unlikely to operate without any government influence.

“Nothing escapes the state,” he explained “Putin has a long arm.”

Mr Wilkes highlighted that in the past, the Russian government has generally ignored cybercrime groups operating within its borders, as long as they don’t attack Russia itself, or very closely allied countries like Belarus. However, they go largely unprosecuted for attacking countries such as the US or Australia.

Mr Wilkes thinks the UK needs to adopt a “name-and-shame approach” to discourage countries like Russia from allowing this type of activity, directly or indirectly, from operating from within its borders.

Click Here For The Original Source.