The notorious LockBit ransomware group, responsible for over 17,000 cyberattacks against U.S. entities and pilfering millions from victims, has been shut down. An international effort between the U.K. National Crime Agency (NCA) and the U.S. Federal Bureau of Investigations (FBI), “Operation Cronos,” has seized LockBit’s assets and shut the group down – hopefully for good. Seized assets include cryptocurrency wallets, domains, and related infrastructure. LockBit ransomware decryption keys are also now publicly available.
Europol also stated that two LockBit members have been arrested: one in Poland, and the other in Ukraine.
LockBit Ransomware Decryption Keys now available
Visitors to the LockBit dark web website were greeted with a seizure notice, and the government agencies flipped the website into a press release portal exposing the group’s crimes and members and providing ransomware decryption keys.
As the joint government agency effort was codenamed, Operation Cronos took months to penetrate and eventually dismantle the group. The importance of the takedown of the LockBit ransomware gang can’t be overemphasized: the group wrought havoc indiscriminately against city governments, hospitals, and critical infrastructure.
“We have hacked the hackers,” Graeme Biggar, director general of the National Crime Agency, told journalists. “We have taken control of their infrastructure, seized their source code and obtained keys to help victims decrypt their systems,” Biggar continued.
The end of LockBit?
An unknown LockBit member stated to Reuters that some data was backed up and in possession in the group, not affected by the law enforcement seizure. However, the utility of any LockBit-based ransomware will be negligible at this point, with law enforcement now publicly providing decryption keys on the group’s former dark web site.
With some arrests already in process, other members will likely be exposed and arrested soon. But, it’s likely not the end of those members who are able to continue to evade law enforcement from continuing to hack and attack victims with new ransomware variants.
Additional reporting on this topic is available in our newsletter at The Breach Report. Be sure to subscribe today for our free cybersecurity newsletter.
