Two men suspected of involvement in the international cybercriminal group Lockbit were arrested in Ternopil Oblast, Ukraine's National Police reported on Feb. 21.
The U.K.'s National Crime Agency (NCA) announced on Feb. 20 that it had taken control of Lockbit's services, allowing it to infiltrate the group's network. The NCA described Lockbit as the "world's most harmful cybercrime group," having targeted "thousands" of victims in ransomware attacks.
Lockbit carried out more than 3,000 cyberattacks in the U.S. and Europe between 2019 and 2024, resulting in losses of billions of euros, according to the National Police.
The two Ukrainian suspects were father and son, according to the National Police. The operation to arrest them was carried out with cyber specialists from the Security Service of Ukraine (SBU).
Mobile phones and computer equipment used to carry out cyberattacks were found during searches of their homes.
"As a result, more than 200 criminal-related cryptocurrency accounts were blocked and 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States, and the United Kingdom were removed," the National Police said.
The men provided virus software to affiliates in Western Europe, who "encrypted victims' data, threatened them with information leaks, and demanded ransom."
If a ransom was received, the money was "distributed between the main team of Lockbit and affiliated persons, who received up to 75% of the criminal profits," according to the National Police.
The men's actions "affected individuals, enterprises, state institutions and health care institutions in France," the National Police said.
The Ukrainians, as well as a Polish national, were arrested "at the request of the French judicial authorities," Europol said.
Poland's Central Office for Combating Cybercrime also reported that a 38-year-old man had been arrested in Warsaw "in the presence of French gendarmerie officers and an analyst from Europol."
The U.S. "has also unsealed indictments against two further individuals, who are Russian nationals, for conspiring to commit Lockbit attacks," the NCA said.
The NCA said it worked closely with the Federal Bureau of Investigation (FBI) and international partners from nine other countries, under the coordination of Europol, to uncover Lockbit.
The NCA said it has "obtained over 1,000 decryption keys and will be contacting U.K.-based victims in the coming days and weeks to offer support and help them recover encrypted data."