Massive breaking news: Lockbit’s operations were seized by an unprecedented joint operation of multiple law enforcement agencies. Lockbit operators and clients attempting to access Lockbit’s website got a wake-up call.
According to the information available at this point, the National Crime Agency of the UK worked with the FBI and other law enforcement agencies to break down the ransomware ring. It also appears as if the operation is still ongoing.
It is unclear how the law enforcement agencies managed to infiltrate Lockbit’s systems, but the most natural assumption is that this is the result of months or years of surveillance. This is typically the case with most FBI operations, including those against extortion rings.
Operation Cronos is most definitely the result of years of efforts and monitoring which allowed law enforcement agencies to gather data and assess Lockbit’s vulnerabilities. One can only guess the result of the operation.
However, as is typically the case, it’s unlikely that the FBI can succeed in eradicating Lockbit completely. Ransomware agencies never disappear but rather adapt and rebrand themselves to lose their tails and reorganize.
Such is the case with Hive, DarkSide, and REvil, to name a few. Rather than disappearing completely, these organizations rebranded themselves under different names or spread their tools, manpower, and systems to form new entities.
The answer is still uncertain because we’re talking about an ongoing investigation with little information to work with. One of Lockbit’s major strengths is that it operates as a ransom-as-a-service (RaaS) tool. So, it relied on affiliates to conduct extensive operations.
Along with the organization’s predilection for always improving its systems and tools, this allowed Lockbit to stay one step ahead of its victims. This explains Lockbit’s astounding success rate and relentless activity level.
As investigations have shown, Lockbit would sometimes infiltrate 4 or more targets at once, often located across the globe. Many of such operations were conducted by affiliates, making it even more difficult to track down the main operators.
It’s one of the reasons why Lockbit has remained in power for so long. The organization first came to prominence in 2021 and exploded with full force in 2022. During one ransom event alone, Lockbit infiltrated the Corbeil Essones hospital.
In that case, the group demanded a $10 million ransom. Just one month later, Lockbit broke Pendragon LLC in the UK and tried to extort them of $60 million. So, it’s pretty clear that Lockbit wasn’t playing games, and law enforcement agencies recognized that.
This recent joint operation showed that they took the threat very seriously and used a lot of resources to crack down on the extortion ring.
We believe security online security matters and its our mission to make it a safer place.