A man suspected of being a developer of the Lockbit group, considered a year ago one of the main actors in cybercrime, was arrested at the request of the French, British and Europol authorities.
British authorities also arrested two people suspected of complicity with Lockbit, while a fourth man was arrested in Spain; There, authorities also confiscated nine servers. The latter is suspected of having hosted part of Lockbit’s technical infrastructure and of being the administrator of a “bulletproof” service, that is, a server that does not respect legal requirements.
Ransomware groups penetrate the computer networks of companies, communities and hospitals to deploy software that paralyzes most of their machines and offers victims to recover their files in exchange for a ransom. These hackers also often threaten to publish online confidential documents stolen at the time of the attack.
Of all the groups that use this modus operandi, Lockbit has become, in recent years, one of the most virulent. The gang has thus been identified behind numerous nefarious attacks in France, including the one that targeted the Corbeil-Essonnes hospital in 2022. At the height of its ability to disturb, the group had multiplied its attack force by recruiting more than a hundred members, pirates. carry out attacks on behalf of the “mothership” in exchange for technical infrastructure considered high-end.
Sanctions against the Evil Corp group
In February, the authorities of eleven countries, including France, had already unveiled Operation Cronos, a series of actions aimed at Lockbit that led at the time to the seizure of part of the pirates’ technical infrastructure and dealt a severe setback to Lockbit. the administrators. US authorities also identified and published the indictments of two alleged affiliates of the group, Artur Sungatov and Ivan Kondratyev.
In May, Cronos helped identify “LockBitSupp,” the founder and alleged mastermind of the group, known for his disputes on cybercriminal discussion forums and his overflowing self-confidence. American, Australian and British authorities then suspected that he was Russian citizen Dmitry Khoroshev. The target of a US indictment, he is said to have pocketed, since Lockbit’s first actions in 2019, more than $100 million as a result of his criminal activities.
Publicly, “LockBitSupp” has always denied being the person identified by authorities, while gradually rebuilding the group’s infrastructure. If Lockbit is still active and regularly claims new victims, it is widely suspected of inflating its numbers, particularly by adding victims of old attacks to its hunting list.
On Tuesday, British, Australian and US authorities also announced a series of sanctions against suspected members of Evil Corp, a Russian cybercriminal gang famous for its attacks carried out with malware such as Dridex and Zeus. Investigators discovered that a high-ranking member of Evil Corp, Aleksandr Ryzhenkov, had also acted as a Lockbit affiliate. And this while Evil Corp is suspected of having maintained strong relations with Russian authorities.
