Notorious LockBit Ransomware Disrupted by Global Police, NCA Takes Control of Website

Written by Mitchell Langley

February 20, 2024

Notorious LockBit Ransomware Disrupted by Global Police, NCA Takes Control of Website

With the LockBit ransomware disrupted, the LockBit’s Website has been taken over and replaced with law enforcement agencies’ logos from eleven nations.

LockBit Ransomware Disrupted by Global Law Enforcement

The website of the infamous ransomware gang LockBit has been seized by law enforcement authorities, signaling a significant disruption to the group’s activities.

The authorities, led by the UK’s National Crime Agency (NCA), have taken control of LockBit’s .onion site, prominently displaying the message “The site is now under the control of law enforcement.”

They are expected to reveal further details about their operation against the group in the near future.

“We can confirm that LockBit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation,”

Lockbit Cybercrime Gang Disrupted in What is Being Called as the ‘Operation Cronos’

According to the webpage, more details about the operation will be disclosed on Tuesday, February 20 at 11:30 GMT. The page also mentions collaboration between the UK’s National Crime Agency (NCA), the FBI, and a global law enforcement task force called Operation Cronos.

The webpage also showcases logos of Europol and law enforcement agencies from various countries, including Australia, Germany, the Netherlands, Japan, France, and Switzerland. National flags of Canada, Sweden, and Finland are also displayed.

With LockBit ransomware gang disrupted and its website taken down, it is still just a small part of its ransomware infrastructure.

The web pages may not be the primary tool of a ransomware gang. Infact this particular page could be a façade. However, reports suggest that Europol has claimed responsibility for shutting down LockBit, indicating that Operation Cronos may have indeed disrupted the gang’s operations.

Lockbit Ransomware Disrupted in What is Being Called as the ‘Operation Cronos’

If that is the case, this action is undoubtedly a positive development. LockBit has gained notoriety for its extensive and ruthless cyber attacks, including targeting a children’s hospital, Infosys, Subway sandwich chain, and numerous other victims.

US authorities have reported a staggering number of LockBit attacks in the country, with at least 1,700 incidents detected as of mid-2023. The group is believed to be responsible for nearly a quarter of all ransomware attacks in certain nations.

LockBit Was the Pioneer of the RaaS (Ransomware-as-a-Service)

LockBit is notably recognized as one of the early adopters of the ransomware-as-a-service model. The gang provided its malicious software to affiliates who handled negotiations with victims and shared a portion of the proceeds with the group. However, the effectiveness of this business model declined in late 2023, prompting LockBit to revise its rules to ensure that their affiliates extracted larger ransoms and provided a higher share to the gang.

Beyond the cybersecurity implications, there are wider geopolitical concerns as LockBit is suspected to be directed from Moscow, possibly as part of a broader campaign to disrupt adversaries of Russia.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!