Cyber Pursue

The team comprises of experienced staff with a range of specialist knowledge and skills in the field of cybercrime investigation. It routinely shares its experience with local officers and staff from local forces and also national and international partners on cybercrime matters such as ransomware methodology, cryptocurrency, international enquiries and digital forensic considerations.

To support the UK’s National Cyber Strategy via tasking from the National Crime Agency, the team assists with National Cybercrime Investigations into some of the most prevalent and impactive ransomware strains e.g. LockBit. With a 4P approach it sets investigative strategies to:

• co-ordinate the collation of evidence from reported attacks across the UK and overseas;
• provide specific information and intelligence on the involved criminal groups and their affiliates to enhance digital forensic examination and assist with recovery from attacks;
• assess, manage and mitigate identified threats;
• share information to assist victim engagement and support;
• work with international law enforcement partners and intelligence agencies to deliver criminal justice outcomes and/or effective disruption tactics.

LockBit was considered the world’s most harmful cybercrime group who, at the time, was responsible for 25% of all ransomware attacks. The operation to infiltrate and dismantle the group developed following work by the Cyber Pursue Team who continue to support the international taskforce.

In 2021, hunting groups reported computer hacking or Data Protection Act (doxing) offences. Over the course of several months, huntingleaks.is published data relating to 44 different hunting groups including personally identifiable information for over 10,000 individuals.

Op Blackcurrant was set up as an investigation into the campaign of offences under the Computer Misuse Act 1990 that occurred during 2020 to 2021. A named suspect was identified in the Avon and Somerset Police force area. After arrest, interview and premises search, the case was passed to the Cyber Pursue team due to the complexity of the modus operandi, the volume of data requiring examination and the number of identified victims.

The investigation team conducted analysis and compilation of large amounts of material from existing investigations, and the suspect’s digital devices, to prepare a clear and coherent case for prosecution. In September 2024, the defendant was convicted of six counts of unauthorised access to computer material and later sentenced to four months in custody (suspended) per conviction to run concurrently.