Dismantling LockBit: a major victory against ransomware

It’s one of the most spectacular advances ever made against cybercriminals: in a vast international police operation dubbed “Operation Cronos”, the FBI, NCA, Europol and agencies from 11 countries have joined forces to dismantle the LockBit ransomware group!

This initiative marks a decisive turning point in the fight against cybercrime, illustrating the power of international collaboration. The operation against LockBit was the result of an international collaboration involving law enforcement agencies from Great Britain, the United States, and the European Union, demonstrating once again the importance of transnational cooperation in the fight against cybercrime.

According to Reuters, an NCA spokesman confirmed that the agency had disbanded the gang. A LockBit representative did not respond to Reuters messages seeking comment, but posted messages on an encrypted messaging application indicating that it had backup servers unaffected by law enforcement action.

The US Department of Justice and the FBI did not immediately respond to requests for comment. The publication also mentions other international police organizations from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland and Germany.

A coordinated strike against LockBit

The LockBit gang, infamous for its ransomware attacks around the world, has been brought down thanks to concerted law enforcement action. LockBit is the most prolific ransomware group in the world, which puts into perspective the significant impact of this operation on the cybercrime scene.

The LockBit leaks site now displays a banner stating that the site is under the control of the UK’s National Crime Agency (NCA). “This site is now under law enforcement control. This operation is the result of close cooperation with the FBI and the international law enforcement task force, Operation Cronos,” states the banner.

The immediate effects of Operation Cronos

Following this international action, LockBit’s services were disrupted. The operation succeeded in disrupting LockBit’s operations, including seizing the infrastructure used for ransomware attacks. This includes the closure of websites used for ransom payments, representing a major blow to the group’s financial operations. Despite the inaccessibility of LockBit’s leak site, which shows either a message indicating its seizure by the authorities, or an error when attempting to log in, other dark web network platforms associated with the group remain active and functional. However, LockBit’s ransom negotiation sites are now offline, although they are not yet displaying an NCA seizure message.

“The NCA can confirm that LockBit’s services have been disrupted as a result of international law enforcement action. This is an ongoing and developing operation,” an NCA spokesperson told BleepingComputer.

LockBit’s response

The LockBit operation is led by a member of the group known as LockBitSupp, who communicates via the Tor messaging service. Their status on the service now displays a message stating that the FBI has compromised the ransomware operation’s servers using a PHP flaw. “The FBI screwed up the servers via PHP, backup servers without PHP cannot be affected,” translates LockBitSupp’s status message, written in Russian.

Consequences for LockBit and its affiliates

Police have also taken control of LockBit’s affiliate panel, adding a message stating that LockBit’s source code, chats and victim information have also been seized.

Vx-underground has just posted on X (formerly Twitter) the message a LockBit affiliate sees when trying to connect to the LockBit panel.

Screenshot of vx-underground's post on the dismantling of LockBit
Source: @vxunderground

Hello …
Law enforcement has taken control of the Lockbit platform and obtained all the information on it. This information concerns the Lockbit group and you, their affiliates. We have the source code, details of victims you attacked, the amount of money extorted, stolen data, chats, and much more. You can thank Lockbitsupp and their faulty infrastructure for this… we may be contacting you very soon.
If you’d like to contact us directly, please feel free to do so:
In the meantime, we encourage you to visit the Lockbit website.
We wish you a good day.
Sincerely,
The UK’s National Crime Agency, the FBI, Europol and the Operation Cronos Law Enforcement Taskforce.

Source: @vxunderground

An unambiguous message to cybercriminals

This operation sends a strong message to cybercriminals worldwide: international collaboration in the fight against cybercrime is bearing fruit. Law enforcement agencies around the world are more determined than ever to work together to disrupt malicious operations, and protect citizens and businesses from digital threats.

Lockbit, a group notorious for large-scale attacks

Prior to this operation, the LockBit ransomware group claimed responsibility for several notable attacks, targeting high-profile companies around the world. Among these attacks, LockBit claimed to have infiltrated the systems of fast-food chain Subway, seizing a significant amount of data. Companies such as Boeing and CDW, renowned for their importance in the aerospace and technology sectors respectively, have also been targeted by LockBit, demonstrating the pervasive threat this group poses to a variety of industries.

Towards a more secure future?

Operation Cronos is a shining example of what can be achieved when nations join forces against cybercrime. At SOS Ransomware, we’re not celebrating this victory, we’re remaining vigilant, aware that the fight against cybercrime is an ongoing effort. We have experienced this on several occasions, with groups that seem to have been dismantled, but are developing a new branch. Like the hydra, cutting off a head can lead to the regrowth of new, sometimes even stronger networks, as we saw with AlphV/BlackCat.

Operation Cronos is not only a first victory against LockBit, but also a symbol of hope. It demonstrates that, in the face of adversity, unity and cooperation can lead to remarkable successes. At a time when cybercrime sometimes seems insurmountable, operations like Cronos remind us that we are not powerless. On the contrary, we are stronger together…
