FULTON COUNTY, Ga. - In a significant global initiative, the U.S. Department of Justice, in collaboration with the United Kingdom and international law enforcement partners, has successfully thwarted the notorious LockBit ransomware group. This cybercriminal organization, responsible for attacking over 2,000 victims worldwide, allegedly amassed over $120 million in ransom payments and issued demands totaling hundreds of millions of dollars.
The joint effort, which included the U.K. National Crime Agency’s Cyber Division, the Federal Bureau of Investigation (FBI), and other international law enforcement agencies, disrupted LockBit’s operations. They achieved this by seizing key public-facing websites and taking control of servers used by LockBit administrators, effectively hindering the group's ability to launch attacks and extort victims by threatening to expose stolen data.
This is the same group that is believed to be responsible for the ransomware attack on Fulton County that affected the county's phone, court and tax system and jail system.
Attorney General Merrick B. Garland emphasized the operation's significance, stating, "For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation."
In a proactive move, the Justice Department obtained decryption keys from the seized LockBit infrastructure to aid victims in recovering their systems and data. Deputy Attorney General Lisa Monaco highlighted the commitment to dismantling cybercrime ecosystems and prioritizing victim recovery.
The Department unsealed an indictment in New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, known as Bassterlord, for their involvement in deploying LockBit against numerous victims. Additional charges against Kondratyev were unsealed in the Northern District of California, related to his deployment of ransomware in 2020 against a victim located in California.
The disruption also involved unsealing two search warrants in the District of New Jersey, authorizing the FBI to disrupt U.S.-based servers used by LockBit members. These servers hosted the "StealBit" platform, a tool used by LockBit members to organize and transfer victim data.
FBI Director Christopher A. Wray commended the successful disruption, stating, "This operation demonstrates both our capability and commitment to defend our nation's cybersecurity and national security from any malicious actor who seeks to impact our way of life."
The press release highlighted that LockBit is believed to be responsible for the ransomware attack on Fulton County, affecting the county's phone system, court system, tax system, and jail.
The Treasury Department’s Office of Foreign Assets Control announced the designation of Sungatov and Kondratyev for their roles in launching cyberattacks.
Victims affected by LockBit are encouraged to contact the FBI at https://lockbitvictims.ic3.gov/ for further assistance. Detailed information on protecting networks against LockBit ransomware is available at StopRansomware.gov. The collaborative effort with law enforcement agencies worldwide underscores the global commitment to combat cyber threats.