Rafaela Prifti
In a statement, the U.S. Department of State said it is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Transnational Organized Crime group behind the LockBit ransomware variant. In addition, it is offering a reward of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in LockBit ransomware activities.
Fancy Bear, the hacking team funded by GRU, Russia’s military intelligence agency, has been caught installing Moobot malware on “well over a thousand” unsecured home and business routers using the default admin password as the infection vector, FBI Director Christopher Wray said. LockBit was extorting multiple hacking victims through its website by threatening to release the data of the companies and individuals it breached unless they paid a ransom. The Russian military botnet was discovered on more than 1,000 compromised routers. The FBI deactivated Moobot by isolating and removing the malware from all infected units.
A global group of intelligence agencies issued a takedown notice to a dark website called LockBit earlier this week. On Tuesday, the UK National Crime Agency (NCA), the FBI, the US Department of Justice and Europol said that Operation Cronos, a joint law enforcement operation, has disrupted the core activities of LockBit. According to a statement from French Police, the Cronos task force was created following calls from French investigators.
In one of the recent developments, police in Ukraine and Poland have arrested members of LockBit for their cybercrime activities. As a result of the arrests in Ukraine, international law enforcement seized more than 200 cryptocurrency accounts and 34 servers used by the gang in France, Germany, Finland, the United States, Britain, the Netherlands, Switzerland and Australia, a police statement said.
LockBit is the leader among the online gangs that encrypt victims’ data to extort money. The issue stems from a lack of cybersecurity basics taught to the general public, namely unsecured default admin passwords. The joint task force of the US, UK and EU disrupted the group by turning the hackers’ site against it. Yet many key hackers are thought to be beyond the reach of Western law enforcement.
Officials caution that the recent takedown amounts to technical disruptions, while affiliates and new cybercrime gangs will continue to pose a problem. “In today’s era of international cyber attacks and data heists, it is prudent to change the default passwords on your network devices as soon as possible and to safely maintain and change your existing passwords as necessary. Additionally, ensure that your router is running on current firmware that contains the latest security and performance updates,” experts say. To put it simply: change the admin password unless you want someone else to change it for you.
Sources: DOS Press Release, Official Statements, News Reports