International law enforcement disrupts notorious cybercrime gang Lockbit, known for ransomware attacks, as a collaborative effort by the US, UK, and Europol unfolds, aiming to curb its global activities and exposing its affiliation with major data breaches.
A rare international law enforcement operation has disrupted Lockbit, a notorious cybercrime gang known for holding victims' data for ransom, announced the gang along with authorities from the US, UK, and Europol on Monday. The operation, coordinated by Britain’s National Crime Agency, the U.S. Federal Bureau of Investigation, and a coalition of international police agencies, aimed to curb cybercriminal activities.
"This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’," the post said.
The NCA reveals details of an international disruption campaign targeting the world’s most harmful cyber crime group, Lockbit.
Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime. pic.twitter.com/m00VFWkR9Z
A spokesperson from the NCA and a representative from the US Department of Justice verified that the agencies had disrupted the activities of the gang, emphasizing that the operation is "ongoing and evolving".
In the United States, Lockbit has targeted over 1,700 organizations across various sectors including financial services, food, schools, transportation, and government departments, leading officials to label the group as the world's foremost ransomware threat.
Lockbit's representative declined to comment in response to media inquiries but conveyed via messages on an encrypted messaging app that the gang maintains backup servers unaffected by the law enforcement operation.
Additionally, the post mentioned involvement from international police organizations including those from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.
Our work does not stop here. We know Lockbit will likely try to regroup and rebuild their criminal enterprise.
However, we will be watching and we will not stop in efforts to target this group and their associates.
Read the full story ➡️ https://t.co/WSHNvfdhwh
In recent months, Lockbit and its affiliates have targeted some of the world's largest organizations, operating by stealing sensitive data and threatening to expose it unless victims comply with exorbitant ransom demands. Affiliates of Lockbit are akin to similar criminal groups recruited by the gang to execute attacks utilizing its digital extortion tools.
Ransomware, a form of malicious software, encrypts data, and Lockbit profits by compelling targets to pay ransom in exchange for the decryption or unlocking of their data using a digital key.
Lockbit first emerged in 2020 when its namesake malware surfaced on Russian-language cybercrime forums, prompting some security analysts to speculate that the gang originates from Russia. However, the gang has not declared allegiance to any government, and no government has officially linked it to a specific nation-state. On its former dark web platform, the group claimed to be "located in the Netherlands, completely apolitical and only interested in money."
In November of last year, Lockbit disclosed internal data from Boeing (BA.N), a major global defense and aerospace contractor. Additionally, in early 2023, Britain's Royal Mail experienced significant disruption following an attack by the group.