Joint law enforcement agencies from Europol, FBI and Canada have arrested a member of the notorious Lockbit hacker group, known for attacking the Corbeil-Essonnes hospital. The 33-year-old Russian national was one of the operators of the malware, according to the European agency.
The adventure is over for a Lockbit bandit. An operator of the most publicized malware of the moment, would have been arrested in Canada, according to a press release published by Europol on November 10. ” The 33-year-old Russian national is suspected of deploying LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups around the world relays the American media Bleeping Computer.
The suspect was caught by law enforcement in Ontario, Canada, last month following an investigation by the French National Gendarmerie with the help of the European Cybercrime Center (EC3) d Europol, the FBI and the Royal Canadian Mounted Police (RCMP). Police also seized eight computers and 32 external hard drives, two firearms and €400,000 in cryptocurrency from the suspect’s home. He will now be charged in the United States.
” Lockbit was one of Europol’s biggest targets due to their involvement in numerous high-profile ransomware cases. », Indicates the press release from Europol. In France, Lockbit made headlines this summer after it crippled the computer system of the Corbeil-Essonnes hospital. He had already made an impression with a first offensive against the French Ministry of Justice in January.
A partner or an operator?
Bleeping Computer doubts that the arrested hacker is the leader of the collective, since the latter was still active on hacker forums on November 9. It could be a developer or a criminal partner who was using the software. Lockbit is what is called a “ ransomware as service », this means that the software can be used by other hackers who will share the ransom with the managers. The leader of the group, questioned by the cyber researchers of vx-underground, had indicated that more than a hundred partners used his product.
Launched two years ago, the collective has become one of the world’s most prolific hackers, with more than a third of ransomware attacks recorded in May/June, according to a report by Intel471. The ransoms demanded regularly exceeded ten million euros.
This arrest follows a similar operation carried out in Ukraine in October 2021, involving the FBI, French police and Ukrainian law enforcement, which led to the arrest of two accomplices. While announcements from Europol and Ukrainian police described the suspects as members of a high-profile ransomware gang, the European agency said at the time that it could not name the group for reasons operational.
The mix between Russian and Ukrainian nationals may come as no surprise, but the majority of ransomware criminal groups are driven only by money and put politics aside. The collective had already been disturbed in September by a leak of information about their own product after an internal dispute with a developer. It will be necessary to monitor the group’s activity on hacker forums and their site to judge the impact of this arrest.
