LockBit disrupted by efforts of international law enforcement

WASHINGTON, D.C., and LONDON – Law enforcement has struck a major blow against cybercriminals as an international task force arrested and indicted members of the LockBit ransomware group.

Called, “Operation Chronos,” the action was a joint effort by Britain’s National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) with a coalition of 10 countries that culminated with the seizure of LockBit operations and the apprehension of several affiliated hackers. In efforts coordinated with Europol, two threat actors were arrested in Poland and Ukraine, and the FBI has two others in custody that will face trial in the U.S. with an additional two Russian nationals who’ve had indictments unsealed against them for conspiring to commit ransomware attacks with LockBit.

“Today’s announcement marks an extraordinary win for the FBI and our law enforcement partners around the globe,” said FBI Deputy Director Paul Abbate. “In addition to disrupting the LockBit ransomware group at every level, we are also providing assistance and support to the victims of the largest and most deployed ransomware variant around the world. It is difficult to say how many victims of LockBit there are, but we estimate in 2023 alone there were 1,000 victims just in the United States.”

In its four years of operations the FBI has estimated that LockBit has had more than 2,000 victims, garnered more than $120 million in ransom payments, and made even more ransom demands totaling hundreds of millions of dollars. Notable ransoms in 2023 include attacks on the U.S. subsidiary of the Chinese state-owned Industrial and Commercial Bank of China, and data extracted from the Boeing Company aerospace manufacturer.

Jim McGann, VP of strategic partnerships at Index Engines, a New Jersey-based cybersecurity company, offered Security Systems News (SSN) the following comment, “The coordinated effort to dismantle one of the most prolific ransomware criminal organizations marks a significant milestone in safeguarding organizations against disruptive cyberattacks. LockBit, which targeted over 2,000 victims worldwide and amassed hundreds of millions in ransom payments, facilitated a vast network of malicious actors through its ransomware-as-a-service model. While the shutdown directly impacts LockBit and its global network of cyber criminals, it represents a commendable stride in cyberattack mitigation. However, history has shown that shuttered organizations often resurface under new guises in uncooperative jurisdictions that shield the masterminds from apprehension. Consequently, they retain the freedom to reignite their cyber warfare without retribution.”

Currently the LockBit website that once hosted a growing display of victims with countdown clocks indicating the days remaining until the group leaked their data, has been replaced by the NCA, Europol, and the FBI to show data about the Lockbit gang instead. The countdown clocks now promise to reveal new sanctions against members and a promise to reveal the identity of "LockbitSupp," the group’s eponymous ringleader.

“Our work does not stop here,” said National Crime Agency Director General Graeme Biggar. “LockBit may seek to rebuild their criminal enterprise. However, we know who they are, and how they operate. We are tenacious and we will not stop in our efforts to target this group and anyone associated with them.”

The video statement by Abbate is available in full online at www.fbi.gov, to learn more about Index Engines please visit www.indexengines.com.