Police arrest suspected LockBit operator as the ransomware gang spills new data • TechCrunch
A Russian national linked to the LockBit ransomware operation has been arrested over his alleged involvement in attacks targeting critical infrastructure and large industrial groups worldwide.
The 33-year-old suspect was arrested in Ontario, Canada on October 26 following an investigation led by the French National Gendarmerie with the help of Europol’s European Cybercrime Centre, the FBI, and the Canadian Royal Canadian Mounted Police. During the arrest, police seized eight computers, 32 external hard drives, and €400,000 in cryptocurrencies, Europol said.
The arrest follows a similar action in Ukraine in October last year when a joint international law enforcement operation led to the arrest of two of his accomplices.
Europol says the suspect, described as “one of the world’s most prolific ransomware operators,” was one of its high-value targets due to his involvement in numerous high-profile ransomware cases. The EU police agency added that he is known for trying to extort victims with ransom demands between €5 to €70 million.
The suspect will now face charges in the United States. An announcement from the U.S. Department of Justice is expected later today.
Specific victims targeted by the suspected LockBit operator were not named by Europol. However, France’s involvement in the operation suggests he could be linked to a recent attack on French aerospace and defense group Thales.
LockBit, a prominent ransomware operation that’s previously claimed attacks on tech manufacturer Foxconn, U.K. health service vendor Advanced, and IT giant Accenture, added Thales to its leak site on October 31. The group claimed to have published data stolen from the company today, which it describes as “very sensitive” and “high risk” in nature. Contents of the data leak include commercial documents, accounting files and customer files, according to LockBit, though the files had not been published at the time of publication.
“As far as customers are concerned, you can approach the relevant organizations to consider taking legal action against this company that has greatly neglected the rules of confidentiality,” a message on the LockBit leak site reads.
Thales spokesperson Cedric Leurquin did not immediately respond to our request for comment.
LockBit also claims to have today leaked 40 terabytes of data stolen from German automotive giant Continental, and samples of the data suggest that the gang has accessed technical documents and source code. Though a ransom demand was not explicitly stated, the ransomware gang’s leak page claims to offer access to the full tranche of stolen data for $50 million.
Continental spokesperson Marc Siedler told TechCrunch that the company’s investigation into the incident has revealed that “attackers were also able to steal some data from the affected IT systems,” but refused to say what types of data were stolen or how many customers and employees have been affected.