FBI, UK National Crime Agency say they have disrupted LockBit gang

LockBit specialises in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. The operation recruits hackers to conduct the cyberattacks using LockBit’s tools and infrastructure. LockBit gets a cut of any ransom extorted in the hacks.

The group was responsible for last year’s attack on the US arm of Industrial & Commercial Bank of China Ltd., which disrupted the $26 billion US Treasury market. It also took down a website that Boeing Co. uses to sell spare aircraft parts, software and services.

The worldwide operation disrupted the group’s infrastructure and will include indictments, followed by sanctions, said Brett Leatherman, deputy assistant director of the FBI.

Agents seized control of Lockbit’s equipment, including servers with victim data, file-share servers and communication servers, he said. That will help authorities return stolen data to the companies and other organisations hacked by LockBit.

“We’ll be notifying victims here soon,” Leatherman said in an interview.

LockBit first came to prominence in 2021, calling itself LockBit 1.0. In 2022, it became LockBit 2.0 and its latest iteration is LockBit Green. One of the group’s most recent victims was EquilLend. The trading platform, which processes trillions of dollars of transactions a month, said the incident on January 22 affected some automated securities lending services.

The hacking group has claimed 1,600 victims in the US and 2,000 internationally, according to the FBI. A good majority are within the private sector, and the FBI said it’s tracking 144 million ransoms paid in relation to LockBit attacks.