Lockbit's Website Taken Down By Law Enforcement

Uploaded on 2024-02-21 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The website used by LockBit, a major criminal ransomware cyber attack gang, has been taken over by UK Law Enforcement. The site allow people to hack computer networks and hold the victim’s data until a ransom is paid. Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

An unexpece message appeared on the site belonging to the group saying it is "now under control of law enforcement" the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

It says that this is an "ongoing and developing operation". A message appeared on the site of ransomware specialist LockBit, "This site is now under the control of the NCA of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it reads. “LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery." 

“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks... When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted. A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published, “ says the NCA statement.

The operation was conducted by Britain's NCA, the US Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies, according to the post on LockBit's website.

In 2023 the UK had the second highest number of published LockBit victims (65) behind the USA (396). Other nations reporting Lockbit malware incidents in 2023 included  France (51),Germany (43), Canada (42), Italy (35), Spain (25), India (22), Australia (21) and Brazil (21), demonstrating the prevelance of Lockbit's activitoes. 

The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom. LockBit has been involved in sequence of high profile hackings, notably including in an attack on the British Royal Mail, the City of Montreal's electricity supply and the Ports of Lisbon and Nagoya

Check Point Software Technologies’ Threat Intelligence Group Manager, Sergey Shykevich commented "This is bad timing for LockBit, having recently been removed from two Russian underground cybercrime forums for questionable business ethics.This latest action by UK and US authorities will be a major setback for their operations, and is likely to degrade their ability to recruit and retain affiliates. However... ransomware gangs are notoriously resilient and may emerge under a different banner in the near future. The threat from this criminal gang and other ransomware groups will continue, and organisations must be constantly on their guard.”

According to Huseyin Can Yuceel, security researcher at Picus Security “Ransomware groups often leverage public-facing vulnerabilities to infect their victims with ransomware. This time, Operation Cronos gave LockBit operators a taste of their own medicine. ... Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to login to LockBit services."

"In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested." Yuceel added.

Last year the UK's National Cyber Security Centre (NCSC)  issued a warning about the "enduring threat" posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand and the NCSC says that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted. 

The NCSC statement describes LockBit's software as the "most deployed ransomware variant" across the world in 2022, and that it "continues to be prolific so far in 2023". LockBit was first detected in 2020, when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia. 

NCA:      @vxunderground:    BBC:     Independent:      Ground:    Standard:     Shropshite Star:   

 Reddit:     Barrons:    HepNetSecurity:     Image: summerphotos

You Might Also Read: 

Ransomware: Businesses Are Well Equipped But Underprepared:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« 23andMe Sparks A Rethink About Safeguarding Critical Data
Top Three Types of Data Security Technology »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CyberScout

CyberScout

Cyberscout delivers the latest cybersecurity education, protection and resolutions services. We also provide swift incident response services around the world.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Centro de Gestion de Incidentes Informaticos (CGII) - Bolivia

Centro de Gestion de Incidentes Informaticos (CGII) - Bolivia

CGII is the Computer Incident Management Center of the State of Bolivia.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Cyberscore

Cyberscore

CyberScore specialize in digital security assessments that preventively make digital environments safer against malicious attacks from inside and outside.