An international coalition led by UK and US forces has crippled LockBit, a notorious Russian-linked ransomware group. The operation marks a significant blow to the group responsible for widespread cybercrimes. LockBit has inflicted billions in damages, targeting governments, corporations, and healthcare sectors.
Operation Cronos Strikes
Operation Cronos, a collaborative effort involving the National Crime Agency (NCA), FBI, Europol, and other global partners, penetrated LockBit’s network. Authorities commandeered the group’s infrastructure, capturing its source code and decryption keys. The captured keys aid victims in data recovery, offering a ray of hope.
The group’s website, a hub for cyberattack coordination, was seized on Monday evening. A notice declared law enforcement’s control over the site, effectively neutralizing LockBit’s operations. The US Justice Department reported the seizure of LockBit’s websites and servers, further tightening the noose.
The NCA has gathered over 1,000 decryption keys. It plans to assist UK victims in the forthcoming days. Graeme Biggar, NCA’s director-general, emphasized LockBit’s significant role in recent cyberattacks, noting the group’s reach and financial impact.
Since its inception, LockBit has victimized over 2,000 entities, raking in more than $120 million. High-profile targets include Britain’s Royal Mail, Boeing, and a Canadian children’s hospital. This crackdown follows the dismantling of the Hive ransomware operation, with LockBit emerging as a leading threat.
LockBit uses a ransomware-as-a-service (RaaS) model. This approach enables criminals with minimal technical skills to execute attacks. RaaS operates openly on the dark web, with developers offering malware in exchange for a share of the ransom.
Recently, the US indicted two Russians linked to LockBit, increasing the tally of those indicted to five. Despite LockBit’s Russian ties, no direct state support has been identified. However, a tacit tolerance for cyber criminality within Russia is evident.