Cybercrime gang Lockbit hit by authorities who seized network's extortion website

In February 2023, the North’s biggest construction company Lagan Specialist Contracting Group (SCG) was targeted by the ransomware group.

The company, which said it was able to trade normally, has two offices in Dublin and an office in Cork and in Limerick, as well as branches throughout Britain, the US and the Middle East.

Also in February 2023, Lockbit conducted a ransomware attack on Dublin-based software firm ION group.

On Monday night, cyber security companies revealed posts on the Lockbit website, which said: “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.” 

In all, 11 countries were involved in the operation, along with the EU police agency, Europol.

Lockbit and what are called its affiliates have hit some of the biggest organisations in recent months.

The gang steals sensitive data and threatens to leak it if the targets don’t pay a ransom.

Affiliates are other criminal gangs that use Lockbit’s software and pay them a percentage of the ransom.

Irish cyber expert Briain Ó hEoghanáin told the Irish Examiner: “This is a good day and highlights how well police forces around the world are operating closer together to target those behind these crimes.” 

He said Lockbit has hit Irish companies and that there was no doubt they had targeted firms other than those that were known about.

He said they were one of the “more prolific gangs”, in many cases targeting smaller businesses, of fewer than 200 employees.

Mr Ó hEoghanáin said their reasoning was that these companies may not have security as strong as larger companies and might be more willing to pay a ransom.

“That is not to say they were restricting themselves to small firms," he said. "Lockbit were also responsible for the ransomware attack against the Post Office in the UK, and Accenture was another of their victims.” 

He pointed out that Lockbit operated an affiliate service — that is, anyone could "white-label" their service and attack victims, with Lockbit collecting a percentage of whatever the affiliate got in their ransom demands.

“So Lockbit attacked victims directly and also via their affiliate network,” he said.

US government cyber authorities estimated in June 2023 that one in every six ransomware attacks that targeted US government offices in 2022 was traced back to Lockbit actors.