Law enforcement agencies from 11 countries have joined forces to dismantle the notorious LockBit ransomware operation in a collaborative effort known as Operation Cronos. This coordinated action marks a significant blow against cybercriminal activity, with the National Crime Agency of the United Kingdom taking control of LockBit’s data leak website.
LockBit Ransomware Operation Dismantled: the Details
According to a banner displayed on LockBit’s former data leak site, law enforcement now oversees its operations. The site is under the control of the National Crime Agency of the UK, working closely with the FBI and an international law enforcement task force as part of Operation Cronos. LockBit’s services have been disrupted as a result of this international law enforcement action, with ongoing developments in the operation.
LockBit’s leak site is inaccessible, displaying either a seizure banner or an “Unable to connect” error, while some of the gang’s other dark web sites remain operational. LockBit’s ransom negotiation sites are confirmed to be down, though they do not currently display a seizure message from the NCA.
An NCA spokesperson has also confirmed that LockBit services have indeed been disrupted, emphasizing the ongoing and evolving nature of the operation. Law enforcement agencies involved in Operation Cronos are expected to release a joint press statement tomorrow at 12:30 CET.
The LockBit operation, orchestrated by a threat actor known as LockBitSupp, communicates via the Tox messaging service. LockBitSupp’s status message on the service indicates that the FBI breached the ransomware operation’s servers using a PHP exploit, highlighting the significant impact of law enforcement actions.
LockBit’s History
LockBit ransomware-as-a-service surfaced in September 2019 and has since targeted numerous high-profile organizations worldwide. Law enforcement has taken down LockBit’s affiliate panel and seized significant amounts of information, including source code, victim details, extorted amounts, stolen data, and chat records.
Victims of LockBit include prominent entities such as the UK Royal Mail, the City of Oakland, automotive giant Continental, and the Italian Internal Revenue Service. Bank of America recently warned customers of a data breach after Infosys McCamish Systems, one of its service providers, was hacked in an attack attributed to the LockBit ransomware gang.
A joint advisory released by cybersecurity authorities in the United States and international partners in June revealed that the LockBit gang extorted at least $91 million from U.S. organizations through approximately 1,700 attacks since 2020.
Operation Cronos adds to the growing list of successful law enforcement interventions against ransomware operations, following recent seizures of ALPHV (BlackCat) ransomware’s servers and Hive ransomware’s Tor payment and data leak sites.