
Conviction among ‘dark web’ mafias brings down cybercriminal group that attacked Seville City Council and thousands of organizations

An economic dispute over the distribution of the ransom loot preceded the police crackdown on LockBit, which blackmailed companies, organizations and hospitals worldwide.

Police notification of interception of the LockBit access page following the international action against the kidnapping and extortion group last February. STATEMENT (via REUTERS)

The dark web, hidden from search engines, hiding IP addresses (the identity of the devices on which a person works) and accessible only through certain browsers, is a platform for computer crime, pedophilia, human trafficking, or illegal arms and drug sales, but it is not a world without rules. Like all mafias, its groups have rules, and there are penalties for those who violate them. Breaking one of these rules, the one on the distribution of money obtained through extortion, brought down the largest kidnapping and extortion organization, LockBit. Among the many crimes attributed to it since its detection in 2019 are taking down the website of the Seville City Council, the Port of Lisbon, the California budget office, a children’s hospital in Toronto, and thousands of companies. The international police operation against this group, which resulted in the detention of two people in Eastern Europe, was made possible after its conviction within criminal society. The criminal group is now trying to re-emerge.

The United Kingdom’s National Crime Agency (NCA) announced that it “took control of LockBit services” after infiltrating the mafia network in an operation, named Kronos, carried out on February 20. In coordination with Europol, two people were arrested and 200 cryptocurrency accounts were seized in Poland and Ukraine. Four other alleged bad actors have been sued in the US.

“This investigation against the world’s most damaging cybercriminal group shows that no criminal operation, no matter where it is located or how sophisticated, is beyond the reach of the agency and our partners. We have attacked the hackers; we took control of their infrastructure, obtained their source code, and obtained keys that would help victims decrypt their systems. As of today (February 20) LockBit has been blocked,” says NCA director Graeme Biggar.

The director of the United States Federal Bureau of Investigation (FBI) shares this enthusiasm: “The FBI and our partners have successfully disrupted the LockBit criminal ecosystem; ransomware (blackmail through the takeover of computer systems) is the most efficient method in the world.”

Check Point Threat Group Director Sergey Shaykevich. CP

However, this international police operation was the end of a process that had already begun on the dark web, and that process was the initial trigger for the disbandment of the criminal group. As Check Point Threat Group manager Sergey Shaykevich explained during the multinational’s meeting in Vienna (CPX), the source of the decline was a dispute over the proceeds of extortion, decided in a trial between criminals, and an unsuccessful appeal that led to the sentence of disappearance. “LockBit has been blocked on the forums (of the dark web) and then it fell to the ground. It’s a double whammy,” he summarizes.

LockBit and other similar organizations operate as ransomware as a service (RaaS). According to the security company Kaspersky, the programs are accessed through the dark web, in the same way as is usual practice for software on the traditional or clean web. “Interested parties leave deposits to use contracted programs. Ransom payments will be split between the LockBit developer team and the attackers, who will receive three-quarters of the extortion after a week if the targets are achieved.”

Shaykevich reported that the dispute that led to the lawsuit against LockBit amounted to 20 million euros. “Nominal ransomware, that’s the most important thing,” comments Check Point’s threat chief, explaining how discord between criminals led to the downfall of a cybercrime giant.

One of the group’s latest victims was the Seville City Council, from which LockBit demanded more than one and a half million euros for the recovery of the municipal computer systems last September. Councilor for Digital Transformation Juan Bueno said after the kidnapping that the attackers were of “Dutch origin”.

The incident, which was echoed in many media outlets, and the council member’s first statement showed that the City Council did not have the necessary protection and that the person responsible for Digital Transformation was unaware of LockBit, “the most productive ransomware organization in the world”, according to British Home Secretary James Cleverly.

“From the Netherlands? No, no, no. Most of them are in Russia. The two people arrested in Poland and Ukraine are not key members in Russia,” says Shaykevich.

This false Dutch origin referred to the location of the last server from which the email containing the malicious link that led to the hijacking had arrived. On the dark web, these computer systems for data traffic are used for sequential encryption that prevents tracking. According to the NCA, Operation Kronos led to the dismantling of 28 LockBit servers.

Possible revival

However, the case on the dark web and the subsequent international police operation do not mean the end of the entire LockBit infrastructure, which aims to continue in the market of kidnapping and extortion attacks, as it generates more than 200 million euros in revenue every year, according to Shaykevich’s estimates.

A person allegedly responsible for the group said in a statement that the police intervention was possible due to “a security vulnerability in the PHP programming language.” This name refers to the open source Hypertext Preprocessor system widely used in web page development. “All other servers with backup blogs that do not have PHP installed are unaffected and will continue to distribute data stolen from the hacked companies,” reads the statement, in English and Russian, of the alleged hacker.

Security companies have already identified these restructuring attempts but are questioning the feasibility of continuing with the same name following the criminal reputation crisis caused by the dispute in the dark web case and after the demonstration of a vulnerability that international police exploited. “As long as people are not arrested, they will most likely change and form a new organization with a new name. But the step taken is important and shows that law enforcement is working and you can be punished,” explains Shaykevich.

FBI director Christopher Asher Wray agrees: “This operation (Kronos) demonstrates our ability and commitment to defending cybersecurity against any malicious actor trying to influence our way of life. We will continue to work with our national and international allies to detect, block and deter cyber threats and hold perpetrators accountable.”


Source: El Pais


