LockBit Hackers Nabbed in Multinational Investigation; Japan’s Police Agency Develops Data Recovery Technology

The Yomiuri Shimbun

15:58 JST, February 21, 2024

Key members of the international hacker group LockBit were arrested following investigations by law enforcement authorities in 10 countries, including Japan, the United States and European nations, authorities said Tuesday.

More than 200 cryptocurrency accounts and 34 servers related to the ransomware group were frozen or taken down, according to the announcement.

In the course of the investigation, Japan’s National Police Agency developed the world’s first method to restore data that had been rendered unusable by a Lockbit attack, which could help reduce future damage.

A series of LockBit attacks have caused harm in Japan, including the October 2021 system shutdown at Tsurugi municipal Handa Hospital in Tsurugi, Tokushima Prefecture, and the July 2023 shutdown of the container management system at Nagoya Port.

Named “Operation Cronos,” the joint investigation was carried out by the European Union Agency for Law Enforcement Cooperation (Europol) and police agencies from countries such as Japan, the United States, the United Kingdom, France and Australia.

According to the NPA and other sources, two LockBit members were arrested in Poland and Ukraine at the request of French authorities, while the U.S. and French authorities opened investigations into five cases and obtained arrest warrants for three cases.

LockBit became active around 2019. It broke into the systems of companies and other organizations, encrypted data, and then demanded payment for restoring the data while threatening to disclose the information. The group is believed to have several hundred members, most of them from the former Soviet bloc. More than 100 cases of related damage have been reported in Japan since 2021.

Europol claims that the group had caused billions of euros worth of damage. According to U.S. authorities, among the people charged for related crimes in the United States is a Russian national who was involved in attacks against targets in Japan and the United States, among other countries.

According to Yu Arai, a security expert at NTT Data Group Corp., LockBit is believed to have been involved in approximately 970 cases, or about 20% of the about 4,500 cases of damage caused worldwide by ransomware attacks last year.

The National Police Agency developed technology to restore data encrypted by LockBit, and several companies and other entities in Japan are said to have succeeded in recovering data.