LockBit Arrests and Sanctions

Uploaded on 2024-10-07 in FREE TO VIEW, GOVERNMENT-Law Enforcement

Europol and others countries have taken significant steps against the notorious Lockbit ransomware group with arrests and international sanctions and this is the third phase of Operation Cronos.

This recent international law enforcement actions has led to four arrests and the closing of nine servers connected to the LockBit, or Bitwise Spider, the cyber ransomware operation.

A suspected developer of LockBit was arrested at the request of the French authorities, while the British authorities arrested two individuals for supporting the activity of a LockBit affiliate.

The Spanish officers seized nine servers, part of the ransomware’s infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group.

In addition, Australia, the United Kingdom and the United States implemented sanctions against an actor who the National Crime Agency had identified as prolific affiliate of LockBit and strongly linked to Evil Corp.

The latter comes after LockBit’s claim that the two ransomware groups do not work together.

The United Kingdom sanctioned fifteen other Russian citizens for their involvement in Evil Corp’s criminal activities, while the United States also sanctioned six citizens and Australia sanctioned two.

LockBit Infrastructure Disruption

These are some of the results of the third phase of Operation Cronos, a long-running collective effort of law enforcement authorities from 12 countries, Europol and Eurojust, who joined forces to effectively disrupt at all levels the criminal operations of the LockBit ransomware group.

These actions follow the massive disruption of LockBit infrastructure in February 2024, as well as the large series of sanctions and operational actions that took place against LockBit administrators in May and subsequent months.

Between 2021 and 2023, LockBit was the most widely employed ransomware variant globally with a notable number of victims claimed on its data leak site. Lockbit operated on the ransom as a service model.

The core group sold access to affiliates and received portions of the collected ransom payments. Entities deploying LockBit ransomware attacks had targeted organisations of various sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing and transportation.

Reflecting the considerable number of independent affiliates involved, LockBit ransomware attacks display significant variation in observed tactics, techniques and procedures.

Reducing Ransom Decrypted Files

With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation have concentrated their technical expertise on developing decryption tools designed to recover files encrypted by the LockBit Ransomware.

The support from the cyber security sector has also proven crucial for minimising the damage from ransomware attacks, which remains the biggest cyber crime threat.

Many partners have already provided decryption tools for a number of ransomware families via the ‘No More Ransom’ website.
These solutions have been made available for free on the No More Ransom’ portal, available in 37 languages. So far, more than 6 million victims around the globe have benefitted from No More Ransom, which contains over 120 solutions capable of decrypting more than 150 different types of ransomware.

Europol’s Engagement

Europol facilitated the information exchange, supported the coordination of the operational activities and provided operational analytical support, as well as crypto tracing and forensic support.

The analysis workflow proposed after the first operation enabled a joint work focused on the identification of the LockBit actors. The advanced demixing capabilities of Europol’s Cybercrime Centre enabled the identification of several targets.

Following the initiation operations against LockBit’s infrastructure in the beginning of 2024, Europol organised seven technical sprints, three of which were fully dedicated to crypto-currency tracing. During the action days, Europol deployed an expert to provide on-the-spot support to the national authorities.

The Joint Cybercrime Action Taskforce (J-CAT) at Europol supported the operation. This standing operational team consists of cyber liaison officers from different countries who work from the same office on high-profile cybercrime investigations.

Europol     |     The Hacker News     |     No More Ransom     |     Bitcoin News     |     Computing
HIPAA Journal     |     Helpnet Security     |     OCCRP

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« US Legislation To Combat Chinese Cyber Threats
US Might Legislate To Break Up Google »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

AnubisNetworks

AnubisNetworks

AnubisNetworks is one of Europe’s leading threat intelligence and email security suppliers.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.