Law enforcement agencies, as part of the joint operation “Operation Cronos”, have seized the LockBit ransomware group’s blog site. LockBit stated on Tox that the FBI disrupted servers using a PHP exploit. Law enforcement has also taken control of LockBit’s platform and obtained all the information held there, leaving the message “We may be in touch with you very soon”.
Subsequent updates from law enforcement revealed the arrest of two members of the LockBit ransomware group in Poland and Ukraine. Additionally, authorities distributed a recovery tool and decryption keys to aid affected parties. The LockBit ransomware group’s blog site is slated for closure within 4 days. As part of their ongoing efforts, law enforcement agencies are collaborating to identify and address LockBit’s affiliates. They have taken down 34 servers as a result of the compromised LockBit platform.
More details on Operation Cronos:
- Participation of law enforcement agencies from 10 nations
- Two individuals affiliated with LockBit apprehended in Poland and Ukraine at the behest of French authorities
- Over 200 cryptocurrency accounts tied to the criminal syndicate have been frozen, signaling a commitment to disrupt ransomware-driven economic incentives
- The extensive operation spanned months and resulted in the infiltration of LockBit’s primary platform and supporting infrastructure. This encompassed the takedown of 34 servers across various countries, including the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States, and the United Kingdom
- More than 14,000 illicit accounts responsible for data exfiltration or infrastructure have been pinpointed and recommended for removal by law enforcement
- The UK’s National Crime Agency has assumed control of LockBit’s technical infrastructure, including their dark web leak site where stolen data from ransomware attacks was previously hosted