US offering rewards for information on leaders of ransomware group

The U.S. is offering rewards for information on leaders of the LockBit ransomware group.

LockBit is a syndicate operating since 2019. It accounted for 23 percent of the nearly 4,000 attacks globally last year in which ransomware gangs posted data stolen from victims to extort payment, according to the cybersecurity firm Palo Alto Networks, per The Associated Press.

“The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group,” State Department spokesperson Matthew Miller said in a Wednesday statement.

“Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information,” Miller’s statement continued. “More than $144 million in ransom payments have been made to recover from LockBit ransomware events.”

Miller’s statement follows another announcement by the United Kingdom’s National Crime Agency (NCA) on the disruption of the LockBit group with the help of international law enforcement agencies including the FBI on Tuesday.

NCA Director General Graeme Biggar called the agency’s investigation with other international partners “a ground-breaking disruption of the world’s most harmful cyber crime group.”

“Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” Biggar said in an NCA release. 

U.S. Attorney General Merrick Garland also said that law enforcement from the U.S. and the U.K. “are taking away the keys to their criminal operation.”

“And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data,” Garland said in the NCA release. “LockBit is not the first ransomware variant the U.S. Justice Department and its international partners have dismantled. It will not be the last.”