The infamous LockBit ransomware operation has been disrupted by a global police effort codenamed ‘Operation Cronos,’ involving law enforcement authorities from 11 countries.
According to the banner displayed on Lockbit’s main page, the site is now under the control of the UK’s National Crime Agency.
“We can confirm that Lockbit’s services have been disrupted as a result of International Law enforcement action - this is an ongoing and developing operation,” - the message reads.
It appears that the law enforcement authorities have also commandeered the LockBit control panel.
“Law Enforcement has taken control of Lockbit's platform and obtained all the information held on there. This information relates to the Lockbit group and you, their affiliate. We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more,” the message displayed on the LockBit panel reads.
“You can thank Lockbitsupp and their flawed infrastructure for this situation... we may be in touch with you very soon. Have a nice day. Regards, The National Crime Agency of the UK, the FBI, Europol, and the Operation Cronos Law Enforcement Task Force.”
LockBitSupp’s account status on the Tox messaging service LockBitSupp, now shows a message stating that the FBI compromised the ransomware operation's servers using a PHP exploit.
Recently, LockBitSupp, who is a well-known member of the LockBit ransomware group, has been banned from two prominent Russian-speaking forums: XSS and Exploit for not sharing any profit with another forum member who had collaborated with LockBit, providing access to a target entity.
The LockBit ransomware-as-a-service (RaaS) operation emerged in September 2019 and has since targeted a wide range of high-profile organizations worldwide. In 2022, LockBit was the most deployed ransomware variant across the world and continued to be prolific in 2023. According to the FBI, the ransomware group has claimed 1,600 victims in the US and 2,000 internationally. The agency said it’s tracking 144 million ransoms paid in relation to LockBit attacks.
Last week, the US State Department announced a reward of up to $10 million for information leading to the identification or location of key members of the ALPHV/Blackcat ransomware group and up to $5 million for information leading to the arrest or conviction of anyone participating in or conspiring or attempting to participate in a ransomware attack using the ALPHV/Blackcat variant.