The LockBit Group has been the terror of the web for far too long. However, the international investigation allowed not only the closure of websites on the dark web, but also the physical detention of those responsible for the attacks in which over USD 120 million in BTC was extorted. Interestingly, there is also quite a large Polish thread in the whole action, because our country actively participated in the investigation.
The LockBit group was ruthlessly pacified, thanks to the joint actions of investigators from many countries around the world
According to Europol, the LockBit group was dismantled thanks to a complex investigation led by the British National Crime Agency. The NCA worked with an international working group called Operation Cronos. This group included investigators from Europe, America and Asia. But what did the LockBit group actually do? Well, it was actually a platform that grew to gigantic proportions in 2019-2022. On this platform, it was possible to purchase ransomware programs to attack companies and individuals.
The LockBit group prided itself on operating as a RaaS, or ransomware-as-a-service. Behind the actual attacks were hackers who used tools and infrastructure created by LockBit programmers. Purchasing such a license also involved a share of loot. Most often, LockBit took ¾ of the thief's profit. According to Europol, there were hundreds of LockBit's business partners. Although today there are definitely more hacking groups operating in the RaaS model, LockBit was a clear pioneer of this cybercriminal activity.
One of the founders of the LockBit Group arrested in Poland
Law enforcement authorities (NCA, FBI and Europol) wanted not only to stop the group's activities on the darknet, but above all to catch the people responsible for the entire operation. Arrests took place both in Poland and Ukraine, and two indictments have already been issued against two Russians – Artur Sungatov and Ivan Konderatiev.
On the Polish side, the Central Bureau for Combating Cybercrime (CBZC) in Kraków took part in the investigation. Interestingly, partners using the tools offered by the LockBit group can also expect consequences, because law enforcement authorities came into possession of the group's hacker database.