Lockbit's Website Taken Down By Law Enforcement

The website used by LockBit, a major criminal ransomware cyber attack gang, has been taken over by UK Law Enforcement. The site allow people to hack computer networks and hold the victim’s data until a ransom is paid. Ransomware is a form of malware which encrypts data and files inside a system and demands a ransom be paid in order to release them.

An unexpece message appeared on the site belonging to the group saying it is "now under control of law enforcement" the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'."

It says that this is an "ongoing and developing operation". A message appeared on the site of ransomware specialist LockBit, "This site is now under the control of the NCA of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," it reads. “LockBit have been in operation for four years and during that time, attacks utilising their ransomware were prolific. LockBit ransomware attacks targeted thousands of victims around the world, including in the UK, and caused losses of billions of pounds, dollars and euros, both in ransom payments and in the costs of recovery." 

“The group provided ransomware-as-a-service to a global network of hackers or ‘affiliates’, supplying them with the tools and infrastructure required to carry out attacks... When a victim’s network was infected by LockBit’s malicious software, their data was stolen and their systems encrypted. A ransom would be demanded in cryptocurrency for the victim to decrypt their files and prevent their data from being published, “ says the NCA statement.

The operation was conducted by Britain's NCA, the US Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies, according to the post on LockBit's website.

In 2023 the UK had the second highest number of published LockBit victims (65) behind the USA (396). Other nations reporting Lockbit malware incidents in 2023 included  France (51),Germany (43), Canada (42), Italy (35), Spain (25), India (22), Australia (21) and Brazil (21), demonstrating the prevelance of Lockbit's activitoes. 

The group and its affiliates make money by stealing sensitive data and threatening to leak it unless their victims pay a ransom. LockBit has been involved in sequence of high profile hackings, notably including in an attack on the British Royal Mail, the City of Montreal's electricity supply and the Ports of Lisbon and Nagoya

Check Point Software Technologies’ Threat Intelligence Group Manager, Sergey Shykevich commented "This is bad timing for LockBit, having recently been removed from two Russian underground cybercrime forums for questionable business ethics.This latest action by UK and US authorities will be a major setback for their operations, and is likely to degrade their ability to recruit and retain affiliates. However... ransomware gangs are notoriously resilient and may emerge under a different banner in the near future. The threat from this criminal gang and other ransomware groups will continue, and organisations must be constantly on their guard.”

According to Huseyin Can Yuceel, security researcher at Picus Security “Ransomware groups often leverage public-facing vulnerabilities to infect their victims with ransomware. This time, Operation Cronos gave LockBit operators a taste of their own medicine. ... Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to login to LockBit services."

"In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild. Takedowns are short-lived if no one is arrested." Yuceel added.

Last year the UK's National Cyber Security Centre (NCSC)  issued a warning about the "enduring threat" posed by the group, alongside partner agencies in the US, Australia, Canada, France, Germany and New Zealand and the NCSC says that ransomware remains one of the biggest cyber threats facing the UK, and urges people and organisations not to pay ransoms if they are targeted. 

The NCSC statement describes LockBit's software as the "most deployed ransomware variant" across the world in 2022, and that it "continues to be prolific so far in 2023". LockBit was first detected in 2020, when the software surfaced on Russian language forums, leading some analysts to believe the group is based in Russia. 

NCA:      @vxunderground:    BBC:     Independent:      Ground:    Standard:     Shropshite Star:   

 Reddit:     Barrons:    HepNetSecurity:     Image: summerphotos

You Might Also Read: 

Ransomware: Businesses Are Well Equipped But Underprepared:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« 23andMe Sparks A Rethink About Safeguarding Critical Data
Top Three Types of Data Security Technology »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Passbase

Passbase

Passbase is building a full-stack identity verification engine backed by verified government documents.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.