-
Infantino's enlarged World Cup gamble pays off with punters
-
Egypt's 'Garbage City' recyclers reap gains from Iran war plastic squeeze
-
No fuel, no patience: Russians endure fuel shortages
-
Spain, Argentina prepare for World Cup final, Trump hails success
-
'Chainsaw massacre': Europe mulls culls for fish-guzzling cormorant
-
Supplies run dry in Venezuelan village on edge of quake zone
-
England carry 'scars' of World Cup exit, says Tuchel
-
Latin America's unlikely football unity: cheering against Argentina
-
Argentina coach Scaloni hails 'legend' Messi before World Cup final
-
Aston Villa sign Swiss World Cup star Manzambi
-
Argentina World Cup success moves me to tears, says goalkeeper Martinez
-
Trump questions England's World Cup tactics
-
Gold IRA Fees Explained: New 2026 Breakdown of Setup, Storage, and Annual Costs
-
Messi to get 'special attention' from Spain, says de la Fuente
-
Spain captain Rodri preparing for 'physical' Argentina battle
-
Italy coach Quesada's ban reduced to one Test
-
Leather jacket worn by Nvidia CEO Jensen Huang auctions for nearly $1 mn
-
Sobers 'stood out' among the greats: West Indies legend Holding
-
Leader Herbert, Burns equal record 62 at British Open, DeChambeau docked two shots
-
DeChambeau's British Open charge hit by two-shot penalty
-
Yankees' Judge improving, but not ready for baseball activities
-
Tech share selloff rolls on, oil prices jump on Mideast clashes
-
None shall pass: Spain's defence ready to thwart Messi in World Cup final
-
Messi eyes second World Cup crown at the scene of his lowest ebb
-
China's Kimi K3 rattles US AI industry
-
Herbert hopes British Open 62 woke Australian kids in the night
-
Herbert takes Open lead, equals Burns' round of 62
-
Norris misses winning, resents intrusions in private life
-
'Great innings ends': Cricket mourns West Indies great Sobers
-
Thousands protest sacking of Ukraine defence minister: AFP
-
Fickle winds whip up huge Spanish wildfire
-
Ex-president Sall back in Senegal for talks with successor
-
US links Taco Bell lettuce to diarrhea-causing parasite outbreak
-
Argentina's Colapinto more nervous about World Cup final than F1 race
-
Strong quake hits southern Mexico, tsunami alert lifted
-
British Museum shows Bayeux Tapestry unfurled after 'titanic' efforts
-
Deschamps set for bittersweet ending to France reign as Zidane waits
-
Ferrari fined but Hamilton and Leclerc escape grid penalty
-
German lawmaker faces criticism for US surrogacy to have a child
-
Tackling Messi 'huge challenge' for Spain: Merino
-
Southern Mexico hit by 7.3 quake, triggering tsunami alert
-
What's behind the Argentina World Cup team's can-do attitude?
-
Germany defender Gosens signs with Schalke
-
Pogacar urges rivals to fight for victory
-
Nigerian court dismisses suit challenging Shell's divestment
-
'Great innings has come to an end' -- cricket legend Sobers dies
-
Ex-president Sall arrives back in Senegal for meeting with successor
-
No tears as Deschamps prepares for final France match
-
Brazil toughens rules on gambling ads as bets explode
-
Antonelli fastest for Mercedes in second practice in Belgium
Global operation smashes 'most harmful cyber crime group'
An international operation led by UK and US law enforcement has severely disrupted "the world's most harmful cybercrime group", the Russian-linked ransomware specialist LockBit, officials announced Tuesday.
LockBit and its affiliates have targeted governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.
Britain's National Crime Agency (NCA), working with the Federal Bureau of Investigation, Europol and agencies from nine other countries in Operation Cronos, said it had infiltrated LockBit's network and taken control of its services.
"We have hacked the hackers, we have taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems," NCA director general Graeme Biggar told reporters in London.
LockBit's website -- selling services that allow people to organise cyber attacks and hold data until a ransom is paid appears -- was taken over on Monday evening.
A message appeared on the site stating that it was "now under control of law enforcement".
"As of today LockBit is effectively redundant, LockBit has been locked out," Biggar said.
The US Justice Department (DOJ) said the agencies had seized control of "numerous public-facing websites used by LockBit to connect to the organization's infrastructure" and taken control of servers used by LockBit administrators.
The NCA added that it had obtained more than 1,000 decryption keys and will be contacting UK-based victims in the coming days and weeks to offer support and help them recover encrypted data.
Biggar said the network had been behind 25 percent of all cyber attacks in the past year.
LockBit has targeted over 2,000 victims and received more than $120 million in ransom payments since it formed four years ago, according to the DOJ.
Those targeted have included Britain's Royal Mail, US aircraft manufacturer Boeing, and a Canadian children's hospital.
In January 2023, US law enforcers shut down the Hive ransomware operation which extorted some $100 million from more than 1,500 victims worldwide.
Since then, LockBit has been seen as the biggest current threat.
- Dark Web -
Hive and LockBit are part of what cybersecurity experts call a "ransomware as a service" style, or RaaS -- a business that leases its software and methods to others to use in extorting money.
Ariel Ropek, director of cyber threat intelligence at cybersecurity firm Avertium, told AFP last year that this structure makes it possible for criminals with minimal computer fluency to get into ransomware by paying others for their expertise.
On the so-called dark web, providers of ransomware services pitch their products openly.
At one end are the initial access brokers, who specialise in breaking into corporate or institutional computer systems.
They then sell that access to the hacker, or ransomware operator.
But the operator depends on RaaS developers like Hive or LockBit, which have the programming skills to create the malware needed to carry out the operation.
Typically, their programmes -- once inserted by the ransomware operator into a target's IT systems -- are manipulated to freeze, via encryption, the target's files and data.
RaaS developers offer a full service to the operators, for a large share of the ransom paid out, said Ropek.
When the ransomware is planted and activated, the target receives a message telling them how much to pay to get their data unencrypted.
That ransom can run from thousands to millions of dollars.
On Tuesday, the US unsealed an indictment against two Russian nationals, bringing to five the number of Russians it has charged in connection with LockBit.
In a separate notice, the US Treasury Department said it is imposing sanctions on the pair, affiliates of LockBit, who "actively engaged" in ransomware attacks.
Biggar said a "large concentration" of the cyber criminals are in Russia and are Russian-speaking, but law enforcement agencies have not seen any direct support for LockBit from the Russian state.
"There is clearly some tolerance of cyber criminality within Russia," he added.
D.Lopez--AT