LockBit ransomware site seized by law enforcement

20 Feb 2024


The criminal group has been linked to various high-profile cyberattacks and appears to have been disrupted by a major international police operation.

The notorious LockBit ransomware gang has suffered a severe disruption as a result of a major international law enforcement operation.

The gang’s data leak website has been seized by the National Crime Agency (NCA) of the UK, which worked with the FBI and an international task force. That’s according to a screenshot of the seized website being shared on social media.

The website notice says that LockBit’s services were disrupted due to an “ongoing and developing operation”. The international task force has been dubbed Operation Cronos.

A joint press release containing more information is expected later today (20 February). A spokesperson for the NCA confirmed the disruption of LockBit’s operations to Bleeping Computer.

A screenshot shared on X also suggests that a message from the NCA appears on the LockBit affiliate panel, warning users of the panel that data on the gang’s activities has been taken by the task force.

LockBit is a ransomware-as-a-service group that claimed responsibility for various high-profile data breaches in recent years. The gang claimed responsibility for a cyberattack on Royal Mail last year, which made the UK postal service temporarily unable to send items overseas.

In November 2023, the US arm of one of China’s biggest banks – ICBC – confirmed that it was investigating a ransomware attack. A Bloomberg report claimed this ICBC attack could be traced to the LockBit ransomware group.

Huseyin Can Yuceel, a security researcher at Picus Security, said LockBit operators have been given “a taste of their own medicine” as law enforcement agencies managed to gain access to the gang’s source code, internal chat, victim details and stolen data.

“Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online,” Can Yuceel said. “Currently, LockBit associates are not able to log in to LockBit services.

“In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested.”

It appears operations against ransomware groups have been ramping up recently. Towards the end of 2023, an international operation managed to seize the web leak site belonging to the ransomware hacker gang ALPHV, also known as BlackCat.

A report by Corvus Insurance claimed ransomware activity grew in 2023, but also suggested that significant law enforcement activity disrupted the ransomware ecosystem towards the end of 2023.


Leigh Mc Gowran is a journalist with Silicon Republic
