Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Law enforcement takes down LockBit - updated

Law enforcement agencies have worked together to hobble a prolific ransomware gang.

Over the last two years, LockBit has become one of the most infamous ransomware groups in the world, but law enforcement has begun to move in.

On Monday evening the group's website changed to show a message saying it is "under control of law enforcement."

It adds, "The site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

Image
Figure image
Description

The NCA, FBA, Europol and other agencies worked together on Operation Cronos.

The site originally asked people to return at 11:30 on Tuesday for more information. Since that time, instead of showing victims, the website has become an exposé of LockBit's secrets.

The NCA, the authority that has taken over the site, has completely co-opted LockBit's model. Countdown timers are shown ticking down to new infodumps including - allegedly - the identity of LockBit's leader.

LockBit is widely thought to be a Russian gang, due to its members mostly speaking the language and its first appearance on Russian language forums in 2019, when it was known as ABCD Ransomware.

The group, although largely avoiding the spotlight, has nonetheless been involved in major attacks. It has hit Boeing, Subway, Royal Mail, the UK's MoD and even an entire Canadian town.

Law enforcement has been increasingly moving in on ransomware gangs, taking down REvil in 2021, and DoppelPaymer, Qakbot and BlackCat last year.

LockBit, as the most notorious group active today, has been on the radar for some time. Japanese agencies claimed they could decode the gang's ransomware last year, and Canada detained a suspected affiliate in 2022. Analyst1's chief security strategist, Jon DiMaggio, even predicted "a rough year" for the group last month.

Jake Moore, global cybersecurity advisor at ESET, noted that while this doesn't signal the end of LockBit, taking down the website will be a "massive blow" to criminals.

"Although it won't eradicate the problem, it will disrupt the criminal network potentially saving businesses millions of pounds in targeted activity."

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.