{"id":49270,"date":"2022-11-12T08:57:14","date_gmt":"2022-11-12T08:57:14","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/"},"modified":"2022-11-12T08:57:14","modified_gmt":"2022-11-12T08:57:14","slug":"lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/","title":{"rendered":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper"},"content":{"rendered":"<p><span class=\"label\">In Brief<\/span> A suspected member of the notorious international LockBit ransomware mob has been arrested \u2013 and could spend several years behind bars if convicted.<\/p>\n<p>Canadian and Russian national Mikhail Vasiliev was nabbed on November 9 in Canada and is awaiting extradition to the United States to face charges he conspired with others to intentionally damage protected computers and to transmit ransom demands in connection with that damage, the US Department of Justice <a href=\"https:\/\/www.justice.gov\/usao-nj\/pr\/russian-and-canadian-national-charged-participation-lockbit-global-ransomware-campaign\" rel=\"nofollow\">said<\/a>. Allegations of efforts to spread ransomware and extort victims, basically.<\/p>\n<p>&#8220;This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,&#8221; said Deputy Attorney General Lisa Monaco.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The LockBit crime ring has been around since <a href=\"https:\/\/www.theregister.com\/2022\/07\/26\/lockbit-italy-ransomware-attack\/\">2019<\/a>, and has hit high-profile targets in multiple nations. According to US prosecutors, this ransomware strain has been deployed against more than 1,000 entities, and members of the gang have extracted &#8220;tens of millions&#8221; of dollars in ransom payments.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Most recently, LockBit in August <a href=\"https:\/\/www.theregister.com\/2022\/08\/05\/major_outage_at_it_service\/\">infected<\/a> an IT supplier of the UK National Health Service, disrupting the NHS 111 medical emergency line. According to security researchers, the attackers gained access using Citrix server credentials. Staff were forced to use pen and paper when systems were taken down.<\/p>\n<p>Vasiliev&#8217;s suspected role in the criminal ring is unknown outside of the charges leveled against him by a federal court in Newark, New Jersey, and the DoJ didn&#8217;t say which of LockBit&#8217;s many victims have been linked to Vasiliev&#8217;s alleged actions.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>If convicted, Vasiliev, 33, of Bradford, Ontario, could face up to five years in prison and a fine of up to $250,000, or twice the monetary losses he caused, whichever is greater. If Vasiliev is linked to most of LockBit&#8217;s $10 million-plus takings, it&#8217;s likely to be a bit more than $250k.<\/p>\n<h3 class=\"crosshead\">Should you patch? Here&#8217;s a handy flowchart from CISA<\/h3>\n<p>The US government&#8217;s Cybersecurity and Infrastructure Security Agency (CISA) has developed a decision tree to help it decide when to patch, and clearly thinks the diagram is far too cool to keep to itself.<\/p>\n<p>CISA&#8217;s Stakeholder-Specific Vulnerability Categorization (<a href=\"https:\/\/www.cisa.gov\/ssvc\" rel=\"nofollow\">SSVC<\/a>) system separates vulnerabilities into four categories: Track, which doesn&#8217;t require action; Track*, which requires close monitoring and action within standard update timelines; Attend, meaning it needs to be patched sooner than standard update timelines; and Act, which require action as soon as possible.<\/p>\n<p>From there, the SSVC tree makes a decision based on exploit status, technical impact, how easily an attacker could automate the attack, how directly the exploit would affect mission-critical systems, and whether the exploit would have an impact on public well-being.&nbsp;While there is pressure on IT teams to install fixes, no one wants to \u2013 for instance \u2013 bring down a production service by rushing a dodgy, untested patch for a vulnerability that is unlikely to ever be exploited in practice.<\/p>\n<p>CISA has made a <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/cisa-ssvc-guide%20508c.pdf\" rel=\"nofollow\">PDF guide<\/a> for organizations that wish to learn more about the framework and follow it, as well as <a href=\"https:\/\/www.cisa.gov\/ssvc-calculator\" rel=\"nofollow\">an SSVC calculator<\/a> that can help organizations develop an appropriate decision-making tree when it comes to applying updates.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Alongside talk of its decision tree, CISA announced <a href=\"https:\/\/www.cisa.gov\/blog\/2022\/11\/10\/transforming-vulnerability-management-landscape\" rel=\"nofollow\">additional plans<\/a> to grow a wider vulnerability management ecosystem that will include an automated, machine-understandable security advisory framework, and a push for organizations to join vulnerability exploit exchange systems.<\/p>\n<h3 class=\"crosshead\">UK privacy campaign goes after yet another facial-recognition search engine<\/h3>\n<p>Big Brother Watch, a UK-based privacy advocacy group, has filed a legal complaint with the nation&#8217;s Information Commissioner alleging that PimEyes, a facial recognition image search engine, is unlawfully processing data on millions of British citizens.<\/p>\n<p>Much like <a href=\"https:\/\/www.theregister.com\/2022\/05\/10\/clearview_ai_alcu\/\">Clearview AI<\/a> before it, PimEyes scrapes public websites for photos, which it stores in a massive database. Anyone can upload a photo, Big Brother Watch said, &#8220;which is then processed using facial recognition technology to find potential matches from an index of billions of photos from the internet.&#8221;<\/p>\n<p>Big Brother Watch said that PimEyes places no limits in the types of images that may be used for searches, and when it returns a match it also returns the URL where the photo was found, &#8220;allowing the user access to highly revealing contextual information.&#8221;&nbsp;<\/p>\n<p>Although PimEyes says that it&#8217;s not intended to be used as a surveillance tool, Big Brother Watch said that it has no safeguards in place to prevent such use.&nbsp;&nbsp;<\/p>\n<p>Unlike Clearview AI, which is aimed more at businesses and law enforcement, PimEyes is open to the public, &#8220;and can be used by anyone on the internet,&#8221; Big Brother Watch said. Given the UK authorities <a href=\"https:\/\/www.theregister.com\/2022\/05\/23\/clearview_ai_ico_fine\/\">slapped<\/a> Clearview AI with a fine, as well as telling it to stop gathering and delete data on UK citizens, a public-facing lookalike like PimEyes may not fare well. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/11\/12\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: CISA has a flowchart for patching, privacy campaign goes after face search engine In Brief\u00a0 A suspected member of the notorious international LockBit ransomware mob has been arrested \u2013 and could spend several years behind bars if convicted.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-49270","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-12T08:57:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper\",\"datePublished\":\"2022-11-12T08:57:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/\"},\"wordCount\":811,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/\",\"name\":\"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-11-12T08:57:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/","og_locale":"en_US","og_type":"article","og_title":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-12T08:57:14+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper","datePublished":"2022-11-12T08:57:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/"},"wordCount":811,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/","url":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/","name":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-11-12T08:57:14+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2@w2Yw30w@fW0VzujvgeAAAAJI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/lockbit-suspect-cuffed-after-ransomware-forces-emergency-services-to-use-pen-and-paper\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"LockBit suspect cuffed after ransomware forces emergency services to use pen and paper"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49270"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49270\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}