Enforcers from the US and UK disrupted a ransomware group they say has targeted more than 2,000 victims and taken over $120 million in ransom payments. They even got the keys from seized LockBit assets to access data that was encrypted after the group’s attacks, the US Department of Justice announced in a press release Tuesday.
The US DOJ, Federal Bureau of Investigation, and UK National Crime Agency’s Cyber Division said they managed to seize websites and servers used by LockBit to prevent them from stealing data that they allegedly use to extort victims for money.
The NCA and FBI also came up with decryption strategies that they believe could help hundreds of victims globally regain access to systems that were attacked by LockBit, according to the DOJ. The agency said victims should reach out to the FBI through this website to see if their systems can be decrypted.
The DOJ also unsealed an indictment against two Russian nationals the agency believes are responsible for LockBit ransomware attacks against US businesses.
“Today’s indictment, unsealed as part of a global coordinated action against the most active ransomware group in the world, brings to five the total number of LockBit members charged by my office and our FBI and Computer Crime and Intellectual Property Section partners for their crimes,” US Attorney Philip Sellinger for the District of New Jersey said in a statement.