KYIV/LONDON — Police in Ukraine said on Wednesday (Feb 21) they had arrested a father-son duo who belonged to the cybercrime gang Lockbit, which was disrupted by an international law enforcement operation led by UK's National Crime Agency and the FBI earlier this week.
The father and son, neither of whom were named by police, were wanted for carrying out attacks using ransomware, malicious software used to digitally extort victims, against "enterprises, state institutions and health care institutions in France," the National Police of Ukraine said in a statement.
"Investigators conducted a number of searches at the residences of hackers in Ternopil, during which mobile phones and computer equipment used in illegal activities were seized," the statement said, referring to a city in western Ukraine.
On Tuesday, the NCA, FBI, US Department of Justice and Europol said a joint law enforcement operation dubbed "Operation Cronos" had disrupted the core activities of Lockbit, one of the world's most damaging cybercrime organisations.
The United States has charged two Russian nationals with deploying Lockbit's ransomware tools against companies and groups around the world. Police in Poland and Ukraine made two arrests, police agencies said.
As a result of the arrests in Ukraine, law enforcement were able to seize more than 200 cryptocurrency accounts and 34 servers used by the gang in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and Britain, Wednesday's Ukrainian police statement said.
"This made it possible to block the activities of the main hacking platform and other criminal critical infrastructure," it added.
Before it was seized by police, Lockbit was able to extort multiple hacking victims at the same time through its website, which listed the names of breached companies and organisations next to a countdown timer that, upon reaching zero, would release a victim's data unless they paid a ransom.
Operation Cronos was unique in that police agencies, once in control of Lockbit's website, used Lockbit's own digital platform to leak data about the secretive inner-workings of the group.
Ukrainian police said the investigations and arrests had been carried out following a request from France.
According to a statement from France's public prosecutor on Tuesday, France began investigating Lockbit in 2020 and was home to more than 200 of the gang's victims, including hospitals, town halls, and businesses nationwide. In January 2022, Lockbit claimed on its leak website to have hacked France's justice ministry.
On Wednesday, police in Poland identified the Lockbit gang member arrested there as a 38-year-old man in Warsaw. As in Ukraine, that arrest was carried out along with members of a specialist French cyber police unit, according to statements and photos published by police.
According to a statement from French police, also published on Wednesday, the "Operation Cronos" taskforce was created under Europol following calls from French investigators.
ALSO READ: Lockbit cybercrime gang disrupted by international police operation