Authorities seize dark web leak site from LockBit ransomware gang


A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, has disrupted the operations of the prolific LockBit ransomware gang.

LockBit’s dark web leak site — where the group publicly lists its victims and threatens to leak their stolen data unless a ransom demand is paid — was replaced with a law enforcement notice on Monday.

“This site is now under the control of the National Crime Agency of the U.K., working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos,’” the message reads. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation.”

The downed extortion page — which, like other dark web sites, is not indexed by conventional search and requires special software such as the Tor browser to access — also features the logos of Europol and other international police organizations from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.

Hattie Hafenrichter, a spokesperson for the U.K.’s National Crime Agency, confirmed to TechCrunch that “LockBit services have been disrupted as a result of international law enforcement action,” adding that this is an “ongoing and developing operation.”

Further details about the operation, such as whether any arrests have been made, are unknown, with more details set to be announced later on Tuesday.

However, LockBit’s operators are believed to be based in Russia, making an arrest unlikely. Prior to Monday’s takedown, the group claimed on its dark web leak site that it was “located in the Netherlands, completely apolitical and only interested in money.”

Since it first emerged as a ransomware-as-a-service (RaaS) operation in late 2019, LockBit has become one of the world’s most prolific cybercrime gangs. According to U.S. cybersecurity officials, LockBit has been used in approximately 1,800 ransomware attacks against victim systems in the United States and worldwide, and the group has been associated with approximately $91 million in ransoms paid.

Matt Hull, head of threat intelligence at U.K.-based cybersecurity firm NCC Group, told TechCrunch that the company recorded 1,039 victims of LockBit in 2023 alone, or “22% of all ransomware victims we identified for the whole year.”

LockBit and its affiliates have claimed responsibility for hacking some of the world’s largest organizations. The group last year claimed responsibility for attacks against aerospace giant Boeing, chipmaker TSMC, and U.K. postal giant Royal Mail. In recent months, LockBit has claimed responsibility for a ransomware attack on Georgia’s Fulton County that has disrupted key county services for weeks and for a cyberattack targeting India’s state-owned aerospace research lab.

Monday’s takedown is the latest in a series of law enforcement actions targeting ransomware gangs. In December, a group of international law enforcement agencies announced they had seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat, which claimed a number of high-profile victims, including news-sharing site Reddit, healthcare company Norton, and the U.K.’s Barts Health NHS Trust.

This is a developing story. 


