Lockbit's Website Taken Down By Law Enforcement

Uploaded on 2024-02-21 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The website used by LockBit, a major criminal ransomware cyber attack gang, has been taken over by UK Law Enforcement. The site allow people to hack computer networks and hold the victim’s data until a ransom is paid. Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

An unexpece message appeared on the site belonging to the group saying it is "now under control of law enforcement" the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

It says that this is an "ongoing and developing operation". A message appeared on the site of ransomware specialist LockBit, "This site is now under the control of the NCA of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it reads. “LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery." 

“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks... When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted. A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published, “ says the NCA statement.

The operation was conducted by Britain's NCA, the US Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies, according to the post on LockBit's website.

In 2023 the UK had the second highest number of published LockBit victims (65) behind the USA (396). Other nations reporting Lockbit malware incidents in 2023 included  France (51),Germany (43), Canada (42), Italy (35), Spain (25), India (22), Australia (21) and Brazil (21), demonstrating the prevelance of Lockbit's activitoes. 

The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom. LockBit has been involved in sequence of high profile hackings, notably including in an attack on the British Royal Mail, the City of Montreal's electricity supply and the Ports of Lisbon and Nagoya

Check Point Software Technologies’ Threat Intelligence Group Manager, Sergey Shykevich commented "This is bad timing for LockBit, having recently been removed from two Russian underground cybercrime forums for questionable business ethics.This latest action by UK and US authorities will be a major setback for their operations, and is likely to degrade their ability to recruit and retain affiliates. However... ransomware gangs are notoriously resilient and may emerge under a different banner in the near future. The threat from this criminal gang and other ransomware groups will continue, and organisations must be constantly on their guard.”

According to Huseyin Can Yuceel, security researcher at Picus Security “Ransomware groups often leverage public-facing vulnerabilities to infect their victims with ransomware. This time, Operation Cronos gave LockBit operators a taste of their own medicine. ... Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to login to LockBit services."

"In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested." Yuceel added.

Last year the UK's National Cyber Security Centre (NCSC)  issued a warning about the "enduring threat" posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand and the NCSC says that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted. 

The NCSC statement describes LockBit's software as the "most deployed ransomware variant" across the world in 2022, and that it "continues to be prolific so far in 2023". LockBit was first detected in 2020, when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia. 

NCA:      @vxunderground:    BBC:     Independent:      Ground:    Standard:     Shropshite Star:   

 Reddit:     Barrons:    HepNetSecurity:     Image: summerphotos

You Might Also Read: 

Ransomware: Businesses Are Well Equipped But Underprepared:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« 23andMe Sparks A Rethink About Safeguarding Critical Data
Top Three Types of Data Security Technology »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Cybervergent

Cybervergent

Cybervergent (formerly Infoprive) are a leading cybersecurity technology company in Africa. We provide cybersecurity guidance and solutions that help protect your business.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.

GrabDefence

GrabDefence

GrabDefence enables digital businesses to thrive by safeguarding their ecosystem against fraud risk, digital identity threats and compliance challenges.