Ukraine arrests father-son duo in Lockbit cybercrime bust

Cyber-security specialists from Ukraine's Security Service working at an unknown location in Ukraine. PHOTO: REUTERS

KYIV/LONDON – Police in Ukraine said on Feb 21 they had arrested a father-son duo who belonged to the cybercrime gang Lockbit, which was disrupted by an international law enforcement operation led by Britain’s National Crime Agency (NCA) and the US Federal Bureau of Investigation (FBI) earlier this week.

The father and son, neither of whom were named by police, were wanted for carrying out attacks using ransomware, malicious software used to digitally extort victims, against “enterprises, state institutions and healthcare institutions in France”, the National Police of Ukraine said in a statement.

“Investigators conducted a number of searches at the residences of hackers in Ternopil, during which mobile phones and computer equipment used in illegal activities were seized,” the statement said, referring to a city in western Ukraine.

On Feb 20, the NCA, FBI, US Department of Justice and European Union police force Europol said a joint law enforcement operation dubbed “Operation Cronos” had disrupted the core activities of Lockbit, one of the world’s most damaging cybercrime organisations.

The United States has charged two Russian nationals with deploying Lockbit’s ransomware tools against companies and groups around the world. Police in Poland and Ukraine made two arrests, police agencies said.

As a result of the arrests in Ukraine, law enforcement agencies were able to seize more than 200 cryptocurrency accounts and 34 servers used by the gang in the Netherlands, Germany, Finland, France, Switzerland, Australia, the US and Britain, the Feb 21 Ukrainian police statement said.

“This made it possible to block the activities of the main hacking platform and other criminal critical infrastructure,” it added.

Before it was seized by police, Lockbit was able to extort multiple hacking victims at the same time through its website, which listed the names of breached companies and organisations next to a countdown timer that, upon reaching zero, would release the victim’s data unless it paid a ransom.

Operation Cronos was unique in that police agencies, once in control of Lockbit’s website, used Lockbit’s own digital platform to leak data about the secretive inner workings of the group.

French connection

Ukrainian police said the investigations and arrests had been carried out following a request from France. 

According to a statement from France’s public prosecutor on Feb 20, France began investigating Lockbit in 2020 and was home to more than 200 of the gang’s victims, including hospitals, town halls, and businesses nationwide. In January 2022, Lockbit claimed on its leak website to have hacked France’s Justice Ministry.

On Feb 21, police in Poland identified a Lockbit gang member arrested there as a 38-year-old man in Warsaw. As in Ukraine, that arrest was carried out with members of a specialist French cyber-police unit, according to statements and photos published by police.

According to a statement from French police, also published on Feb 21, the Operation Cronos task force was created under Europol following calls from French investigators. REUTERS
