LockBit, one of the worldâs most infamous cybercrime gangs, has been disrupted by the UKâs National Crime Agency (NCA) and international law enforcement agencies including Europol and the FBI.
The gang is known for holding victimsâ data to ransom and providing ransomware-as-a-service, whereby it licenses malware to other hackers.
LockBit has seen rapid growth since its emergence in 2019. According to Europol, in 2022, it was the most deployed ransomware in the world â causing billions of euros worth of damage globally.
âLockBit has long been a scourge to businesses, government agencies, and security professionals the world over,â said Andy Kays, CEO of cybersecurity startup Socura.
âIt is arguably the most active ransomware group ever, whose attacks are both devastating and indiscriminate.â
Operation Cronos
The takedown followed a months-long investigation led by the NCA as part of an international task force called Operation Cronos. According to Europol, the group has now comprised LockBitâs primary platform and critical infrastructure,â which includes the takedown of 34 servers spanning Europe, the US, and Australia.
Europol added that two LockBit actors have been arrested in Poland and Ukraine, while over 200 crypto accounts linked to the group have been frozen.
Jake Moore, Global Cybersecurity Advisor at ESET, praised the task forceâs collaborative approach.
âItâs extremely difficult to catch cybercriminals, especially those in huge operational groups, so disruption is a key police tactic,â he said.
âThe takedown of LockBitâs website will be a massive blow to cybercriminals and although it wonât eradicate the problem, it will disrupt the criminal network potentially saving businesses millions of pounds in targeted activity.â