200 cryptocurrency wallets of the most notorious ransomware hackers were seized by Europol, FBI and SBU

The SBU, together with law enforcement agencies from the United States, the United Kingdom and the EU, exposed an international group of ransomware hackers. This became known from a message from Ukrainian law enforcement officers in the official Telegram channel.

As a result of joint actions, members of a powerful international hacker group called LockBit were exposed. According to the case file, the attackers stole secret information and personal data from well-known companies and then demanded a «ransom» for them. Among the organizers and members of the group were citizens of Ukraine and Russia.

Over the course of almost five years, the attackers carried out more than 3,000 cyberattacks against financial institutions and corporations in Western countries that provide defense assistance to Ukraine. It has been documented that hackers extorted more than $ 90 million from one American company alone.

The hackers used specially developed ransomware to steal corporate data. According to the investigation, members of the group remotely «launched» malware on users' computers. After that, the «virus» collected classified information, and then blocked the operation of computer equipment and «offered» to restore it after paying money. In case of refusal, the attackers threatened not only to paralyze the entire technological process of the affected companies, but also to «leak» their confidential information to the open network.

At the moment, the hacker group’s darknet sites are blocked by law enforcement.

In addition, more than 30 servers were seized in the United States and seven EU countries from which the attackers conducted cyberattacks and where they stored stolen data. In addition, more than 200 cryptocurrency accounts of the criminal group were blocked.

During the investigation in Ukraine, the SBU seized mobile phones and computers with evidence of illegal activity. The obtained material evidence will be provided to international partners to continue the investigation and bring the perpetrators to justice.

LockBit was introduced in 2019. By 2022, this ransomware became the most widespread in the world. Its developers offered their solution as RaaS (Ransomware-as-a-Service), a model in which malware is distributed as a franchise.

Europol believes that the group had hundreds of branches around the world. The investigation is ongoing.