An infamous cybercrime gang known for holding victims’ data to ransom has been disrupted by the National Crime Agency and a coalition of international police agencies, in a rare law enforcement operation.
Lockbit’s extortion website posted a message on Monday stating, “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.”
Europol, along with police organizations from France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany, contributed to the operation.
An NCA spokesperson confirmed the disruption of the gang, noting that the operation is ongoing and developing.
Despite Lockbit’s notoriety as one of the most prolific ransomware operators, targeting some of the world’s largest organizations, the group claims to be “located in the Netherlands, completely apolitical and only interested in money.”
Lockbit, discovered in 2020 on Russian-language cybercrime forums, is believed by some security analysts to be based in Russia. However, the group has not professed support for any government, and no government has formally attributed it to a nation-state.
US officials have labeled Lockbit as the world’s top ransomware threat, having targeted over 1,700 organizations in the US across various industries.
Royal Mail experienced severe disruption after a Lockbit attack in early 2023. Lockbit’s website previously displayed a gallery of victim organizations, updating daily with digital clocks indicating the number of days left for ransom payment.
Currently, the site displays a countdown from law enforcement agencies, inviting visitors to return for more information at 11:30 GMT on Tuesday, 20th February.
