LockBit, one of the world’s largest ransomware groups, targeted by international police operation

Two suspects were arrested and several dozen servers were seized as part of a major international police operation, called “Cronos”, targeting LockBit and involving the authorities of eleven countries, including France, Europol announced on Tuesday, February 20.

The cybercriminal group, specializing in ransomware – viruses designed to paralyze computer networks and demand a ransom from victims – had, within a few years, positioned itself among the most active gangs in this field. Last summer, the American authorities counted a total of 1,700 attacks on their soil since the appearance of the group in 2019, for a “turnover” of around 91 million dollars (around 84 million euros), counting only ransoms paid by targets located in the United States.

“It is estimated that ransomware accounts for a good quarter of attacks worldwide, with a predisposition to hitting Europe”, Jean-Philippe Lecouffe, deputy director of operations at Europol, emphasizes to Le Monde, describing a group that was “very attractive” for pirates because “all tools were provided”. LockBit had notably increased its attacks by carrying out a vast campaign on Russian-speaking forums to recruit affiliates, the name given to the intrusion specialists who work in partnership with ransomware operators. During the last quarter of 2023, attacks carried out by LockBit and its partners represented 8% of incidents observed by Coveware, a leading security company on the subject.

A decapitated technical infrastructure

As part of Operation Cronos, headed by Europol, the authorities notably succeeded, in Poland and Ukraine, in arresting two people suspected of being LockBit collaborators, following a request issued by the French justice system. Above all, the operation struck at the heart of the group’s technical infrastructure: at least 34 servers were seized in eight countries, including France and the United States, and the public sites operated by LockBit now display the authorities’ traditional information notice. That includes the “wall of shame”, the site used by the cybercriminal group to display the names of its victims.

In total, thousands of domain names have been seized by Europol, which specifies that the group’s internal infrastructure, including the platform used by affiliates to connect, has also been put out of use by the authorities. “We have control over almost all of the infrastructure”, assures Jean-Philippe Lecouffe. Data decryption keys for potential victims will also be posted online soon on the No More Ransom website.
