An operation by the Central Operational Unit (UCO) of the Civil Guard ended with the arrest of one of the fundamental men of the Lobckbit 3.0 group, the main hacker organization in the world, authors of cyberattacks in more than twoAnd 120 countries with 2,500 companies, people and institutions.
As EL ESPAÑOL learned from investigative sources, the arrested person is of Belarusian nationality. He was intercepted at Barajas airport as he was preparing to fly to Dubai, after spending a few days in Ibiza.
The operation succeeded in delivering a new blow for the most active ransomware group today. UCO agents, as part of their investigations against various Lockbit 3.0 ransomware attacks, were able to identify one of the most relevant actors within the Lockbit group’s infrastructure.
In this way, the Civil Guard managed to identify and arrest to the administrator of the Internet service provider employed by this criminal group. It was known for offering anonymity and confidentiality to its customers, as well as for its lack of cooperation with police and judicial authorities, frequently mentioned and even announced on cybercriminal forums.
With the arrest of the owner of the aforementioned service provider called “Bullet Proof Hosting”, nine relevant servers of Lockbit’s infrastructure were accessed and seized.
Through this, crucial information was obtained to identify the main members and affiliates of the hacker group, and the analysis of the collected information is currently continuing.
Operation
The research in which the Armed Institute participated was carried out at the international level. It was coordinated by the UK NCA, the US FBI and Europol. The French National Gendarmerie, several German police units, the Netherlands cybercrime unit, the Swedish police, the Australian Federal Police, the Japanese police, the Swiss police and the Royal Canadian Mounted Police participated.
As part of the constant fight against the main international actors that threaten cybersecurity, and the continued stifling to which these criminal organizations are subjected by the security forces and bodies of different countries, several agencies joined forces and combined their capabilities to develop common action against one of the main criminal groups in the field of cybercrime.
It is not for nothing that the Lockbit group carries out attacks against public organizations and private companies in major countries around the world. Thanks to the information available to each police force and thanks to their fluid exchange, it was possible to coordinate a joint action on a global scale which made it possible to generate a valuable information about the main group of ransomware throughout the world, and thus be able to act effectively against it.
This criminal group is a pioneer in the exploitation of “ransomware as a service” (ransomware as a service), which has facilitated the growth of cybercrime, making it accessible to people without advanced technical knowledge.
Despite the sophisticated measures used by these criminals for years to hide their identity and connections, international police cooperation has made it possible know its structure, modus operandi and identify a large number of its members.
Identified
Last February, up to 11 countries collaborated to confiscate the systems of this dangerous group of cybercriminals which is attributed to the largest number of attacks in the world. Many of them were carried out in Spain.
It was called Operation Cronos. A few months later, researchers from different Western countries managed to identify those most responsibleeven if we don’t know where he is. It was about Dmitry Khorosheva man of Russian nationality
The United States Department of Justice offered $10 million for any clues. could facilitate Khoroshev’s arrest. This hacker is accused of 26 criminal charges as leader of the organization which, since its creation in 2019, has allegedly obtained more than $100 million in ransoms for its attacks against thousands of victims.
Khoroshev, according to investigations in the United States, developed, promoted and oversaw the LockBit software. He would then recruit “affiliates” on cybercriminal forums so that they could carry out the attacks. ransomware. Once the ransom is paid by victims, usually in bitcoins (BTC), Khoroshev received 20% of his profits.
This hacker racks up charges of conspiracy to commit fraud, extortion, and related cybercrime activities, as well as extortion charges related to illegal information obtained from a protected computer, among others. SO, faces a maximum sentence of 185 years in prison.
