LockBit ransomware gang disrupted by global operation

Notorious ransomware gang LockBit’s website has been taken over by law enforcement authorities, who claim they have disrupted the group’s operations and will soon reveal the extent of an operation against the group.

At the time of writing, the group’s .onion site loads the message “The site is now under the control of law enforcement” – specifically the UK’s National Crime Agency (NCA).

“We can confirm that LockBit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation,” the page states, promising that more information will be revealed at 11:30 GMT on Tuesday February 20.

LockBit site seizure notice

LockBit site seizure notice – Click to enlarge

The page states that the NCA worked with the FBI, and an “international law enforcement task force” named Operation Cronos.

The page also carries logos for Europol, and law enforcement agencies from Australia, Germany, the Netherlands, Japan, France, and Switzerland. National flags of those nations, plus those of Canada, Sweden, and Finland, are also present.

Web pages are, of course, not a ransomware gang’s main tool – this one could be window-dressing. But Europol has reportedly taken credit for shutting down LockBit, so perhaps Operation Cronos really has disrupted the gang’s operations.

If that’s the case, this action will be welcome. LockBit is prolific and vicious: we’ve reported it attacking a children’s hospital, Infosys, sandwich chain Subway, and many other attacks.

US authorities have detected at least 1,700 LockBit attacks in that nation alone as of mid-2023, and suggest the group was responsible for almost a quarter of all ransomware attacks in some countries.

LockBit was one of the pioneers of ransomware-as-a-service. It offered its wares to affiliates, who got the job of negotiating with victims and then sending the gang part of the loot. That business model’s efficiency waned in late 2023, leading LockBit to change its rules to ensure minions secured bigger ransoms and sent more to their masters.

Few will mourn LockBit’s passing – it is believed to have taken tens of millions of dollars in ransom payments, and then threatened to reveal victims’ data unless they send further funds.

There are geopolitical implications as well, given LockBit is thought to be directed from Moscow and therefore perhaps part of a wider campaign to disrupt Russia’s enemies. ®

READ MORE HERE