In a coordinated international effort, the US and UK authorities have taken down LockBit, a notorious cybercrime gang infamous for ransomware attacks that block user access to computer systems in exchange for a ransom payment.
'Operation Cronos' Against LockBit Gang
According to Reuters, the rare international law enforcement operation, dubbed "Operation Cronos," was conducted by Britain's National Crime Agency, the US Federal Bureau of Investigation, Europol and a coalition of international police agencies.
An IT researchers stands next to a giant screen a computer infected by a ransomware at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes, on November 3, 2016.
"This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," a post on Lockbit's extortion website on Monday said.
While the agencies have confirmed their involvement in disrupting the activities of the LockBit gang, they have also emphasized that the operation was ongoing and "developing," an indication of a sustained effort to dismantle the criminal network.
LockBit, known for its extensive ransomware attacks targeting organizations in various sectors, have reportedly hacked some of the world's largest organizations in recent months.
It has been described by US officials as one of the world's top ransomware threats, having targeted over 1,700 organizations in the US alone, which spanned to industries such as financial services, education, transportation, and government agencies.
The gang's modus operandi involves stealing sensitive data from its victims and extorting large sums of money under the threat of releasing the stolen information publicly. LockBit operates as a sophisticated cybercriminal enterprise, recruiting affiliates to carry out attacks using its digital extortion tools.
The collaborative effort to combat cybercrime on a global scale is underscored by the involvement of law enforcement agencies from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.
Lockbit's Eponymous Malicious Software
Discovered in 2020 within Russian-language cybercrime forums, LockBit emerged with its eponymous malicious software, sparking speculation among security analysts about its Russian origins. Despite this, the gang has not openly aligned with any government, nor has any nation officially linked it to state sponsorship.
The group, as stated on its now-defunct darkweb platform, claimed a base in the Netherlands, emphasizing its apolitical stance and sole focus on financial gain.
Before its removal, LockBit's website showcased an expanding roster of victimized organizations, updated almost daily. Alongside these entities were digital countdown clocks, ticking away the time remaining for each organization to meet ransom demands.
Don Smith, vice president of Secureworks, a division of Dell Technologies, told Reuters that LockNit stood as the most prevalent and dominant ransomware operator within a fiercely competitive underground market.
In context, data from leak sites revealed LockBit commanded a 25% share of the ransomware market, surpassing its closest competitor, Blackcat, at approximately 8.5%, according to Smith.
Related Article:Russian Ransomware Group BlackCat Seized by US: Decryption Tool Distributed to Over 500 Victims
