The U.S. offered a reward of up to $15 million for information on the leaders of the notorious cybercrime group Lockbit on Wednesday as police in Ukraine announced the arrest of a father-son duo alleged to have been involved with the gang.
The developments are the latest in a series of actions by international law enforcement against Lockbit, a leader among the online gangs that encrypt victims’ data to extort money.
The U.S., the UK and the EU announced this week they had disrupted the group in an unusually aggressive international law enforcement operation that turned the hackers’ own site against it. Officials have used the seized web page to taunt the hackers with forthcoming releases of data and a tool for victims of the ransom-seeking gang to decrypt their data for free. The U.S. has also unveiled sanctions and indictments against two of the group’s key operatives.
State Department said it would offer up to $15 million for information leading to the arrests and convictions of the leaders of the ransomware group.
Ukraine’s police service didn’t identify the father-son pair but said they seized more than 200 cryptocurrency accounts and 34 servers used by the gang in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and Britain.
The takedown has been one of the most eye-catching in recent memory, in part because of the trolling from police. But with many of the key hackers thought to be beyond the reach of Western law enforcement, experts said it was a matter of time before those behind Lockbit restarted their operations or drifted toward new cybercrime gangs.
“While there has been some arrests, a lot of this has been technical disruption,” said Rafe Pilling, who directs Secureworks’ threat research unit. He noted that a lot of Lockbit’s damage was dealt by “affiliates,” smaller hacking groups that carried out the initial break-ins. He said those hackers were “still out there and still going to do their thing.”