The notorious LockBit ransomware crew has been disrupted in an global regulations enforcement sting led by the UK’s Nationwide Crime Company
The LockBit ransomware crew that turned into in the serve of a number of the foremost major cyber incidents of contemporary years, most famously the January 2023 attack on Royal Mail, has been taken down and its infrastructure seized in a global police sting spearheaded by the UK’s Nationwide Crime Company (NCA).
On the time of writing, precise indispensable facets of the personality of the motion, dubbed Operation Cronos, are scant pending an unswerving press convention to be held on the morning of Tuesday 20 February. Nonetheless, the NCA has confirmed by electronic mail that it had conducted a “foremost global operation” in opposition to the ransomware operator.
Other operations concerned encompass the US’ FBI, and companies from Australia, Canada and Japan, and varied European Union (EU) states working thru Europol.
A mediate about posted to the LockBit gang’s sad net leak characteristic reads: “This characteristic is now under the protect watch over of the Nationwide Crime Company of the UK, working in close cooperation with the FBI and the global regulations enforcement activity pressure, Operation Cronos.
“We can ascertain that LockBit’s companies and products had been disrupted as a outcomes of global regulations enforcement motion – this is an ongoing and rising operation.”
Journalists at Bleeping Computer have additionally confirmed that the sites feeble by LockBit to ‘negotiate’ with its victims are also down, even supposing other parts of the gang’s operation develop seem like running.
Early response
SecureWorks Counter Threat Unit vice president Don Smith, who pursues ransomware gangs for a residing, described the takedown as “fantastic”.
“In a extremely competitive and cutthroat marketplace, LockBit rose to change into the most prolific and dominant ransomware operator. It approached ransomware as a global industry different and aligned its operations, accordingly, scaling thru friends at a fee that merely dwarfed other operations,” acknowledged Smith.
“To position at the fresh time’s takedown into context, per leak characteristic data, LockBit had a 25% piece of the ransomware market. Their nearest rival turned into BlackCat at spherical 8.5% and after that it in fact begins to fragment. LockBit dwarfed all other teams and at the fresh time’s motion is extremely foremost.”
Smith added: “LockBit’s friends allegiances with the community had been already fickle and so even as some would be dissuaded, sadly many will likely align with other criminal organisations.”
Described by the Nationwide Cyber Security Centre (NCSC) as an “enduring risk”, LockBit first emerged in early 2020 and by 2022 had risen to change into one among the most active ransomware-as-a-provider operations worldwide.
Along with Royal Mail, other illustrious targets included instrument firm Evolved, by which it disrupted NHS companies and products, and more currently Boeing and other victims that it focused thru the Citrix Bleed vulnerabilities.
Modern, snappy-thinking and media-savvy as ransomware gangs lumber, LockBit proved adept at attracting friends with a easy, point-and-click ransomware interface and attention-grabbing price phrases for its low-diploma cyber criminal friends.
It also sought and obtained attention for its publicity-producing stunts, which included paying of us to get LockBit tattoos, and providing a $1m prize fund for anyone who managed to dox its lead operator. It even ran its enjoy in-apartment worm bounty programme.
That is a breaking news story. Coverage will continue on Tuesday 20 February.
Be taught more on Hackers and cybercrime prevention
![]()
NCC Team recordsdata the most ransomware victims ever in 2023
By: Arielle Waldman
![]()
Top 10 cyber crime reports of 2023
By: Alex Scroxton
![]()
Dual ransomware attacks on the upward thrust, nevertheless causes are unclear
By: Arielle Waldman
![]()
Royal Mail resumes fleshy export provider after cyber attack
By: Alex Scroxton
