- Vulnerable U
- Posts
- Europol Hits LockBit Ransomware Actors With Arrests, Sanctions
Europol Hits LockBit Ransomware Actors With Arrests, Sanctions
The Big Picture: Europol, in coordination with 12 countries and Eurojust, has carried out a large-scale operation against the LockBit ransomware group, involving arrests, server seizures and sanctions.
Key Details:
The operation led to four arrests, including ones of a suspected LockBit developer, two individuals that supported LockBit affiliate activity and the administrator of a Bulletproof hosting service that was used by the ransomware group
Law enforcement seized nine servers critical to LockBit infrastructure
The U.S., UK and Australia slapped sanctions on an individual identified by the National Crime Agency as a major LockBit affiliate. Notably, the individual, Aleksandr Ryzhenkov, is strongly linked to the Russia-based Evil Corp cybercriminal group (LockBit has previously claimed the two groups don’t work together)
The sanctions against Ryzhenkov overlap with further sanctions by the U.S., UK and Australia against several Russian citizens for their involvement in Evil Corp activity
Why it Matters: Global authorities have been chipping away at LockBit with a string of disruption efforts. In February, Europol and Eurojust seized 34 servers, froze 200 cryptocurrency accounts and arrested two actors linked to LockBit. And in May, the U.S. sanctioned a senior leader of LockBit. This latest activity, and the arrests in particular, put further pressure on the actors behind LockBit, which was the most widely used ransomware variant globally between 2021 and 2023, according to Europol.
Next Steps: The Japanese police, National Crime Agency and FBI have previously developed decryptors for recovering files encrypted by LockBit. Law enforcement is urging potential LockBit victims to learn more about these solutions on the No More Ransom portal.