CyberSecurity SEE

Operation Cronos takes down the LockBit ransomware gang

Law enforcement agencies have made a significant breakthrough in the fight against cybercrime by disrupting LockBit, which Europol has labeled the “world’s biggest ransomware operation.” The effort to dismantle LockBit was part of “Operation Cronos,” a collaborative international campaign led by the U.K.’s National Crime Agency (NCA) to combat the rampant threat posed by ransomware-as-a-service gangs.

The operation involved a coordinated effort by law enforcement agencies from various countries, including the U.K., U.S., France, Germany, the Netherlands, Sweden, Australia, Canada, Japan, and Switzerland. The primary objective of Operation Cronos was to halt the criminal activities of the LockBit gang and bring its members to justice.

The successful operation led to the seizure of 28 servers in three countries and the takedown of LockBit’s public leak site, as well as the group’s administration portal and other related sites. It also resulted in the arrests of two suspected LockBit members in Poland and Ukraine. Additionally, law enforcement authorities seized over 200 cryptocurrency accounts linked to the gang, dealing a significant blow to their criminal enterprise.

One of the most significant achievements of Operation Cronos was the acquisition of LockBit’s source code, more than 1,000 decryption keys, and a wealth of intelligence on the gang from its compromised systems. This invaluable information will provide crucial insights into the operations and tactics of the ransomware gang, aiding law enforcement agencies in their ongoing efforts to combat cybercrime.

Furthermore, the operation uncovered evidence that ransomware gangs often retain victims’ stolen data even after they have paid the ransom. This revelation serves as a stark warning to organizations and individuals that paying a ransom does not guarantee the safe deletion of their data, as the criminals may still retain access to it.

In addition to seizing the gang’s infrastructure, law enforcement authorities identified over 14,000 “rogue accounts” used by LockBit actors for infrastructure and data exfiltration, which have been referred for removal. The NCA also obtained a custom data exfiltration tool used by the gang, known as StealBit, providing further insight into their modus operandi.

The collaborative efforts of international law enforcement have sent a strong message to ransomware gangs across the globe. The disruption of LockBit, following similar operations targeting the Hive and Alphv/BlackCat ransomware gangs over the past year, demonstrates the unwavering commitment of law enforcement agencies to combat cybercrime and protect potential victims. As ransomware attacks continue to pose a significant threat to organizations and individuals worldwide, these operations serve as a crucial deterrent to cybercriminals and offer hope to victims affected by such malicious activities.
