Lockbit's Website Taken Down By Law Enforcement

Uploaded on 2024-02-21 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The website used by LockBit, a major criminal ransomware cyber attack gang, has been taken over by UK Law Enforcement. The site allow people to hack computer networks and hold the victim’s data until a ransom is paid. Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

An unexpece message appeared on the site belonging to the group saying it is "now under control of law enforcement" the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

It says that this is an "ongoing and developing operation". A message appeared on the site of ransomware specialist LockBit, "This site is now under the control of the NCA of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it reads. “LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery." 

“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks... When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted. A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published, “ says the NCA statement.

The operation was conducted by Britain's NCA, the US Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies, according to the post on LockBit's website.

In 2023 the UK had the second highest number of published LockBit victims (65) behind the USA (396). Other nations reporting Lockbit malware incidents in 2023 included  France (51),Germany (43), Canada (42), Italy (35), Spain (25), India (22), Australia (21) and Brazil (21), demonstrating the prevelance of Lockbit's activitoes. 

The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom. LockBit has been involved in sequence of high profile hackings, notably including in an attack on the British Royal Mail, the City of Montreal's electricity supply and the Ports of Lisbon and Nagoya

Check Point Software Technologies’ Threat Intelligence Group Manager, Sergey Shykevich commented "This is bad timing for LockBit, having recently been removed from two Russian underground cybercrime forums for questionable business ethics.This latest action by UK and US authorities will be a major setback for their operations, and is likely to degrade their ability to recruit and retain affiliates. However... ransomware gangs are notoriously resilient and may emerge under a different banner in the near future. The threat from this criminal gang and other ransomware groups will continue, and organisations must be constantly on their guard.”

According to Huseyin Can Yuceel, security researcher at Picus Security “Ransomware groups often leverage public-facing vulnerabilities to infect their victims with ransomware. This time, Operation Cronos gave LockBit operators a taste of their own medicine. ... Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to login to LockBit services."

"In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested." Yuceel added.

Last year the UK's National Cyber Security Centre (NCSC)  issued a warning about the "enduring threat" posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand and the NCSC says that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted. 

The NCSC statement describes LockBit's software as the "most deployed ransomware variant" across the world in 2022, and that it "continues to be prolific so far in 2023". LockBit was first detected in 2020, when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia. 

NCA:      @vxunderground:    BBC:     Independent:      Ground:    Standard:     Shropshite Star:   

 Reddit:     Barrons:    HepNetSecurity:     Image: summerphotos

You Might Also Read: 

Ransomware: Businesses Are Well Equipped But Underprepared:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« 23andMe Sparks A Rethink About Safeguarding Critical Data
Top Three Types of Data Security Technology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

The Cyber Guild

The Cyber Guild

The Cyber Guild is a not-for-profit organization working to improve the understanding and practice of cybersecurity, and to help raise awareness and education for all.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.