Today, the Department of Justice, alongside the United Kingdom and other global law enforcement bodies, announced a major operation against the LockBit ransomware group.
Key Takeaways
- On February 20, 2024, the Department of Justice, alongside the UK and international law enforcement, launched a significant operation against the LockBit ransomware group.
- As part of Operation Cronos, law enforcement agencies successfully compromised LockBit’s main platform, shut down 34 servers in various countries, and took control of over 14,000 criminal accounts.
- Over 1,000 decryption keys were retrieved from LockBit’s servers, enabling the development of a decryption tool for the LockBit 3.0 Black Ransomware variant, made available through the “No More Ransom” portal.
- Europol has collected extensive data on LockBit operations and is planning to use this intelligence in future efforts to dismantle the group’s leadership, developers, and associates.
- LockBit, operating on a RaaS model, has continually evolved its technology and tactics since its inception in September 2019, targeting over 2,000 entities worldwide and extracting over $120 million in ransom payments.
On February 20, 2024, the Department of Justice, in collaboration with the United Kingdom and various international law enforcement agencies, declared a significant crackdown on the LockBit ransomware group.
Stay One Step Ahead of Cyber Threats
Led by the UK’s National Crime Agency (NCA) Cyber Division, with support from the Justice Department, the FBI, and global law enforcement partners, the initiative has notably disrupted LockBit’s activities.
Success was achieved by seizing control of numerous websites and servers integral to LockBit’s infrastructure, impairing their capability to initiate attacks, encrypt networks, and intimidate victims by threatening to disclose stolen data.
As part of Operation Cronos, law enforcement agencies reported success in compromising LockBit’s primary platform and essential systems. This operation resulted in the shutdown of 34 servers across multiple countries and the takeover of more than 14,000 illicit accounts LockBit used for data storage and to facilitate attacks.
Furthermore, over 1,000 decryption keys were retrieved from LockBit’s servers. These keys were employed by the Japanese Police, the NCA, and the FBI, with Europol’s assistance, to develop a decryption tool for the LockBit 3.0 Black Ransomware variant, now available through the “No More Ransom” portal. Victims are encouraged to contact the FBI to investigate possible decryption solutions.
Europol has gathered extensive information on the LockBit operations, intending to use this data in future efforts to dismantle the leadership, developers, and associates within the LockBit network.
Moreover, the Justice Department has unsealed indictments against Russian nationals Artur Sungatov and Ivan Kondratyev, alleging their involvement in deploying LockBit ransomware against numerous targets in the U.S. and worldwide.
LockBit Ransomware-as-a-Service
LockBit operates under a ransomware-as-a-service (RaaS) model and began its initial campaign with the ABCD ransomware in September 2019. By June 2021, a new variant known as LockBit 2.0, or LockBit Red, was released, showcasing significant advancements in its operational capabilities.
A few months later, in October 2021, further expanding the ransomware’s reach and complexity, a new LockBit’s Linux-ESXi Locker version 1.0 was introduced. The development of LockBit ransomware continued with the launch of LockBit 3.0, also referred to as LockBit Black, in March 2023. This version was succeeded by another iteration known as LockBit Green in January 2023.
Focusing on large organizations capable of fulfilling substantial ransom demands, LockBit and its affiliates conduct their activities globally. As one of the most active ransomware groups globally, LockBit has targeted over 2,000 entities, securing over $120 million in ransom payments and issuing demands totaling hundreds of millions of dollars.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
