Angola is on the list of around 80 countries where companies and other entities have been targeted by ransomware attacks signed by the LockBit group. O group was dismantled this week, but it is possible that this is not an end, but the motive for a rebranding.
The report is from the security company Check Point Software, which compiled the list of countries with companies and other entities affected by LockBit attacks in 2023, as well as the number of attacks in each geography.
Angola is on this list of around 80 countries affected by the activity of the group and its network of affiliates, with one attack recorded.
LockBit's operating model, which worked on a ransomware-as-a-service logic, favored the global dissemination of the use of its tools, with affiliates using these resources to launch attacks across the world.
“LOCKBIT OPERATES ON A RAAS MODEL, PROVIDING RANSOMWARE AND INFRASTRUCTURE TO OTHER CYBERCRIMINALS, KNOWN AS AFFILIATES, WHO THEN CARRY OUT THE ATTACKS. THIS ALLOWED IT TO SCALE ITS OPERATIONS AND REACH A GREATER NUMBER OF VICTIMS”, CHECK POINT SOFTWARE PRECISELY UNDERLINES.
Having access to information about the attacks carried out by the group was easy, as the usual practice was to display counters on the collective's page on the Dark Web, which showed how long victims had with ransom demands to pay them. The data used to blackmail those attacked who did not pay the ransom was published on the same website.
It was more difficult to track down the criminals and “hack the hackers” as the British and American police, who coordinate the operation, made a point of mentioning this Monday, when they took over the group's website on the Dark Web and took advantage of the platform to announce the success of the operation.
During the course of the operation, 34 servers were closed in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom. People were arrested in Poland and Ukraine and more than 200 cryptocurrency accounts were frozen.
More news is expected in the coming days or weeks, especially since the United States has a reward of 15 million dollars, for anyone sharing information that helps catch the group's leaders, allegedly with links to Russia. As Check Point highlights “During 2023, [LockBit] was the most dominant ransomware group in terms of publicly extorted victims, publishing over 1000 extorted organizations".
The list prepared by the security company now shows which countries were the main targets of the actions of LockBit and its affiliates, but also the extent of the group's activities to all continents. The United States, United Kingdom, France, Germany and Canada were the countries where the most attacks using the LockBit signature were recorded.
"The most affected sectors were the manufacturing industry (with almost 25% of victims) and retail”, highlights Check Point.
Although several arrests have already been announced and the authorities themselves have said that they have data to “go after” many of those who used LockBit tools in recent years, members of LockBit themselves were quick to say that the authorities' action would have a limited impact. .
Time will show whether this is the case, but Ckeck Point says that, in addition to this, the group has another problem on its hands at the moment. “Over the past month, LockBit support has been involved in a major dispute on one of the major Russian underground forums and has been banned from any activity there due to questionable business ethics.”
