Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

International Law Enforcement Disrupts LockBit Ransomware (sky.com) 13

A coalition of global law enforcement agencies including the FBI and UK National Crime Agency have taken control of the LockBit ransomware gang's dark web site, replacing it with a notice saying their services had been disrupted by joint international action. The "Operation Cronos" task force includes Europol and enforcement agencies from a dozen countries across Europe, Asia and North America. LockBit is a prolific ransomware group that hacks corporate networks then threatens to leak stolen data unless ransom demands are paid. The notice said the operation against them was "ongoing and developing."
This discussion has been archived. No new comments can be posted.

International Law Enforcement Disrupts LockBit Ransomware

Comments Filter:
  • by AmiMoJo ( 196126 ) on Tuesday February 20, 2024 @06:10AM (#64253786) Homepage Journal

    What happens if you were already infected and want to pay the ransom to unlock your data? Are you just not allowed to now?

    Maybe that's a good thing, maybe it isn't. Hopefully they will find the master key and release an unlocking tool, but taking over a website sounds like it was just grabbing the domain and not actually getting into the criminal's systems.

    • by gweihir ( 88907 )

      I think it needs to be made illegal to pay ransom. Maybe then those with IT security that sucks will wake up and fix their act. Yes, drastic, but apparently law enforcement is incapable of getting the perpetrators and this crap has to stop.

      • I think it needs to be made illegal to pay ransom.

        In theory, that would motivate managers to invest in their I.T. component, and such motivation seems warranted.

        • I think it needs to be made illegal to pay ransom.

          In theory, that would motivate managers to invest in their I.T. component, and such motivation seems warranted.

          In reality, it would motivate executives to find an off-the-books way to pay the ransom. e.g. By hiring a consultant to resolve the problem for 10% more than the ransom demand...

          Paying ransoms is rewarding bad behavior, but outlawing paying ransoms is punishing victims.

          • by gweihir ( 88907 )

            Just hand enforcement of this to the IRS and personally jail the executives that signed off on it. I bet this would curb such attempts pretty fast.

            And no, this is _not_ punishing victims. This is punishing gross negligence.

      • I completely agree. Aside that, victims should always claim to have lost all their data, no matter of that's true or not.
      • I think it needs to be made illegal to pay ransom.

        This has been done. It encourages companies to hide the event and avoid reporting or notification. Have you met humans?

        • I think it needs to be made illegal to pay ransom.

          This has been done. It encourages companies to hide the event and avoid reporting or notification. Have you met humans?

          And that's the time for the SEC (or other appropriate agency in other jurisdictions) to step in and summon Satan all over their financials. Your mandatory filings aren't complete if they don't include risks like breaches which permit ransomware infection.

        • by gweihir ( 88907 )

          Sure. Some of them are sitting in prison for trying to do what you suggest. Some got away. It is quite enough to send a message here.

  • All this mentions is 'disruption' of the public facing leak site. That's easy enough to move somewhere else. We will have to wait and see if LE has anything else to hit them with.
  • From the article: "A representative for Lockbit posted messages on an encrypted messaging app saying it had backup servers not affected by the law enforcement action." Unless they get the people that run the site, it's not doing all that much.
  • If you actually whack the mole dead. Taking over one of their holes doesn't cut it.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...