Global law enforcement agencies disrupt 'most harmful cyber crime group' Lockbit in coordinated operation
International law enforcement disrupts notorious cybercrime gang Lockbit, known for ransomware attacks, as a collaborative effort by the US, UK, and Europol unfolds, aiming to curb its global activities and exposing its affiliation with major data breaches.
FollowA rare international law enforcement operation has disrupted Lockbit, a notorious cybercrime gang known for holding victims' data for ransom, announced the gang along with authorities from the US, UK, and Europol on Monday. The operation, coordinated by Britain’s National Crime Agency, the U.S. Federal Bureau of Investigation, and a coalition of international police agencies, aimed to curb cybercriminal activities.
"This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’," the post said.
A spokesperson from the NCA and a representative from the US Department of Justice verified that the agencies had disrupted the activities of the gang, emphasizing that the operation is "ongoing and evolving".
In the United States, Lockbit has targeted over 1,700 organizations across various sectors including financial services, food, schools, transportation, and government departments, leading officials to label the group as the world's foremost ransomware threat.
Lockbit's representative declined to comment in response to media inquiries but conveyed via messages on an encrypted messaging app that the gang maintains backup servers unaffected by the law enforcement operation.
Additionally, the post mentioned involvement from international police organizations including those from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.
In recent months, Lockbit and its affiliates have targeted some of the world's largest organizations, operating by stealing sensitive data and threatening to expose it unless victims comply with exorbitant ransom demands. Affiliates of Lockbit are akin to similar criminal groups recruited by the gang to execute attacks utilizing its digital extortion tools.
Ransomware, a form of malicious software, encrypts data, and Lockbit profits by compelling targets to pay ransom in exchange for the decryption or unlocking of their data using a digital key.
Lockbit first emerged in 2020 when its namesake malware surfaced on Russian-language cybercrime forums, prompting some security analysts to speculate that the gang originates from Russia. However, the gang has not declared allegiance to any government, and no government has officially linked it to a specific nation-state. On its former dark web platform, the group claimed to be "located in the Netherlands, completely apolitical and only interested in money."
In November of last year, Lockbit disclosed internal data from Boeing (BA.N), a major global defense and aerospace contractor. Additionally, in early 2023, Britain's Royal Mail experienced significant disruption following an attack by the group.
