U.S. Justice Department
U.S. and U.K. law enforcement agencies on Tuesday announced the disruption of the LockBit ransomware group, which has targeted more than 2,000 victims, including U.S. schools and hospitals.
The U.S. Justice Department and Federal Bureau of Investigation worked with the U.K. National Crime Agency’s (NCA) Cyber Division and other international partners to seize websites and servers used by LockBit to attack networks and extort victims by threatening to publish stolen data.
“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” U.S. Attorney General Merrick B. Garland said in a statement.
“And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data,” Garland said. “LockBit is not the first ransomware variant the Justice Department and its international partners have dismantled. It will not be the last.”
Starting Tuesday, victims targeted by LockBit are encouraged to contact the FBI at [https://lockbitvictims.ic3.gov/](https://lockbitvictims.ic3.gov/) in order to determine whether affected systems can be successfully decrypted.
The DOJ also on Tuesday unsealed an indictment from the District of New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous targets in the U.S. and around the world. Kondratyev faces additional charges in the Northern District of California related to his deployment in 2020 of ransomware against a victim in the state.
“Today, the FBI and our partners have successfully disrupted the LockBit criminal ecosystem, which represents one of the most prolific ransomware variants across the globe,” said FBI Director Christopher A. Wray. “Through years of innovative investigative work, the FBI and our partners have significantly degraded the capabilities of those hackers responsible for launching crippling ransomware attacks against critical infrastructure and other public and private organizations around the world.”
According to the indictment, Sungatov allegedly deployed LockBit ransomware against manufacturing, logistics, insurance, and other companies located in Minnesota, Indiana, Puerto Rico, Wisconsin, Florida, and New Mexico. Kondratyev, operating under the online alias “Bassterlord,” allegedly deployed LockBit against municipal and private targets in Oregon, Puerto Rico, and New York, as well as in Singapore, Taiwan, and Lebanon.
The global LockBit conspiracy also allegedly included Russian nationals Mikhail Pavlovich Matveev and Mikhail Vasiliev, along with other LockBit members.
“Today’s indictment, unsealed as part of a global coordinated action against the most active ransomware group in the world, brings to five the total number of LockBit members charged by my office and our FBI and Computer Crime and Intellectual Property Section partners for their crimes,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey.
The LockBit ransomware variant appeared around January 2020, and became one of the most active and destructive variants in the world.
According to prosecutors, members attacked more than 2,000 targets and made hundreds of millions of dollars in ransom demands, receiving over $120 million in ransom payments.
TMX contributed to this article.