DOJ, international partners seize LockBit servers, provide decryptors

The government agencies announced that they seized numerous LockBit websites and control of servers used by the ransomware's administrators, disrupting the ability of threat actors to encrypt networks and extort victims.
By Andrea Fox
04:33 PM


The U.S. Department of Justice, the U.K. National Crime Agency’s Cyber Division, the Federal Bureau of Investigation and other international law enforcement partners announced Tuesday in London that they have put a sizeable dent in the operations of one of the world's most active ransomware groups.

WHY IT MATTERS

LockBit has targeted more than 2,000 victims, according to a statement from the DOJ. But a team of federal and international agencies is "taking away the keys" to LockBit's operation, Attorney General Merrick Garland added.

Law enforcement agencies have also developed decryption capabilities that the DOJ said could enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. The FBI is asking victims to contact the bureau and start the process. 

In addition, the DOJ said it has unsealed indictments in New Jersey and California for Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for deploying LockBit against numerous victims throughout the United States.

Related search warrants uncovered multiple U.S.-based servers used by LockBit members, including those that house "StealBit" – a platform LockBit administrators use to organize and transfer victim data, the agency said.

U.S. Attorney Philip Sellinger for the District of New Jersey noted in the statement that the investigation will continue to identify and charge all of LockBit’s membership, from "developers and administrators to its affiliates."

"Today’s indictment, unsealed as part of a global coordinated action against the most active ransomware group in the world, brings to five the total number of LockBit members charged by my office and our FBI and Computer Crime and Intellectual Property Section partners for their crimes," he said.

"We will put a spotlight on them as wanted criminals. They will no longer hide in the shadows."

"LockBit is not the first ransomware variant the justice department and its international partners have dismantled," Garland added. 

"It will not be the last."

THE LARGER TREND

It's been a year since the LockBit ransomware group made a bizarre apology for its attack on Toronto-based SickKids and offered a decryptor key.

But over the years, LockBit has attacked many healthcare organizations, which are then forced to divert patients and are impacted for weeks. The group steals protected patient health information (PHI) and adds it to ransomware leak sites to demand ransom, or sells the PHI if the health systems fail to comply.

ON THE RECORD

"Today’s actions are another down payment on our pledge to continue dismantling the ecosystem fueling cybercrime by prioritizing disruptions and placing victims first," Deputy Attorney General Lisa Monaco said in a statement. "Our work does not stop here: together with our partners, we are turning the tables on LockBit – providing decryption keys, unlocking victim data, and pursuing LockBit’s criminal affiliates around the globe."

"This operation demonstrates both our capability and commitment to defend our nation's cybersecurity and national security from any malicious actor who seeks to impact our way of life," FBI Director Christopher Wray said in the announcement. "We will continue to work with our domestic and international allies to identify, disrupt, and deter cyber threats, and to hold the perpetrators accountable," he pledged.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.
