SSU, jointly with US, UK and EU, dismantles transnational ransomware gang

The SSU’s cyber units, in cooperation with the law enforcement agencies of the US, the UK, the EU and other partners, have conducted a large-scale special operation in multiple countries.

As a result, the illegal activities of a transnational cybercrime group LockBit have been disrupted. 

The gang stole confidential information and personal data from high-profile companies and then demanded ransom for the information to be returned.

Citizens of russia and Ukraine were among the group’s organizers and members.

Over almost 5 years, LockBit carried out more than 3,000 cyberattacks against financial institutions and corporations in Western countries that provide defence assistance to Ukraine.

According to the investigation, the hackers extorted USD 90 million from one US company alone.

Specially developed ransomware was used to steal company data. The hackers launched malware on victims’ computers remotely.

The ‘virus’ collected confidential information and then blocked the operation of computer equipment, offering to restore it after the ransom was paid.

In case of refusal, LockBit threatened not only to paralyze the entire technological process of the victim company, but also to leak their confidential information into the open network.

As a result of an international multi-stage special operation, the hacker group’s darknet sites have been blocked by law enforcement.

Over 30 servers from which the perpetrators launched cyberattacks and where they stored stolen data have been seized in the US and seven EU states.

More than 200 cryptocurrency accounts of the ransomware gang have been shut down.

As part of the investigation in Ukraine, the SSU seized mobile phones and computers with evidence of LockBit’s crimes. The evidence will be shared with international partners in order to bring those involved to justice.

The cyber operation was carried out jointly with the National Police, Europol and the Prosecutor General’s Office.