Law enforcement agencies from the United States, the United Kingdom, and various other countries have successfully disrupted Lockbit, a cybercrime syndicate infamous for its ransomware attacks, Reuters news report said.
The operation, codenamed ‘Operation Cronos,’ was coordinated by Britain’s National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, and several international police agencies.
According to a statement posted on Lockbit’s extortion website, the site is now under the control of the NCA, working closely with the FBI and the international law enforcement task force. Both NCA and U.S. Department of Justice representatives confirmed the disruption, stating that the operation is ongoing and evolving.
Lockbit, described by U.S. officials as the world’s top ransomware threat, has targeted over 1,700 organizations worldwide, spanning various industries including financial services, food, education, transportation, and government agencies.
The cybercriminal gang, known for its sophisticated tactics, profits by stealing sensitive data and extorting victims with the threat of exposing it unless a hefty ransom is paid. Affiliates of Lockbit are recruited to carry out attacks using its digital extortion tools.
Originating in 2020, Lockbit has gained notoriety on Russian-language cybercrime forums. While some analysts initially suspected Russian origins, the group’s purported location was later claimed to be in the Netherlands, with a purportedly apolitical stance and a sole focus on financial gain.
Jon DiMaggio, Chief Security Strategist at Analyst1, likened Lockbit to the “Walmart of ransomware groups,” emphasizing its business-like approach, which sets it apart from others in the field.
Previous victims of Lockbit include aerospace giant Boeing and Britain’s Royal Mail, highlighting the group’s capability to penetrate high-profile targets.
In response to the law enforcement action, Lockbit reportedly acknowledged the seizure of its servers but claimed to have backup servers unaffected by the operation. Screenshots shared by cybersecurity researchers showed messages from law enforcement on platforms previously used by Lockbit affiliates, indicating potential law enforcement access to critical data.
The takedown of Lockbit’s infrastructure marks a significant blow to the cybercrime ecosystem, with experts noting its dominance in the ransomware market, holding a substantial 25 percent share.
Lockbit’s website now displays a countdown, suggesting further updates from law enforcement agencies scheduled for February 20th.
