21 Feb 2024

NZ police among agencies in cybercrime takedown of LockBit ransomware group

7:22 am on 21 February 2024
Composite of dark figure in hoodie in front of binary code

Photo: Unsplash / RNZ

New Zealand police were among international law enforcement agencies involved in what's being called a "significant breakthrough" in the fight against cybercrime.

The international operation - led by the United Kingdom's National Crime Agency (NCA) - infiltrated the ransomware group LockBit and disrupted their activities.

NCA said LockBit had been in operation for four years during which time its ransomware attacks had been "prolific".

"LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery. The group provided ransomware-as-a-service to a global network of hackers or 'affiliates', supplying them with the tools and infrastructure required to carry out attacks."

The group was reportedly involved in the demand money for hacked health records and other information in New Zealand in 2022.

Ransomware attacks involved using malicious software to infect a system either to steal data or encrypt it. Attackers then demand payment to not decrypt files or not publish stolen information.

NCA said it had taken control of LockBit's primary administration environment and its public-facing leak site on the dark web and and had obtained LockBit platform's source code and a vast amount of intelligence from its systems.

"The US Department of Justice has announced that two defendants responsible for using LockBit to carry out ransomware attacks have been criminally charged, are in custody, and will face trial in the US. The US has also unsealed indictments against two further individuals, who are Russian nationals, for conspiring to commit LockBit attacks," the NCA said in a statement.

Identified victims were being contacted locally.

NCA director general Graeme Biggar said "as of today, LockBit are locked out".

Europol said the months-long operation included the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the US and the UK.

"Two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities. Three international arrest warrants and five indictments have also been issued by the French and US judicial authorities."

The operation was run by law enforcement agencies from 10 countries, including the FBI and Australian Federal Police.

Authorities from four other countries, including the New Zealand Police, were also thanked for their assistance.

Get the RNZ app

for ad-free news and current affairs