When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Game over: Global sting takes down LockBit cybercriminals

An Operation Cronos infographic

An international task force, headed by the UK’s National Crime Agency (NCA) has arrested two people from Poland and Ukraine allegedly involved with the LockBit ransomware that has plagued the world since 2019. In addition to the arrests, the technical infrastructure that allows LockBit to operate has been seized by law enforcement.

According to Europol, which helped coordinate the operation, authorities have also frozen a whopping 200 cryptocurrency accounts linked to the organisation. It believes that this move will help to disrupt the financial incentive driving ransomware attacks.

While the two arrests are no doubt important, the LockBit network is more than just the core developers, it also includes affiliates. The data that has been collected in this investigation will now be used to target the leaders of the group, developers, affiliates, infrastructure, and criminal assets linked to LockBit.

Describing how the group carries out its attacks, Europol writes:

“The group is a ‘ransomware-as-a-service’ operation, meaning that a core team creates its malware and runs its website, while licensing out its code to affiliates who launch attacks.

LockBit’s attack presence is seen globally, with hundreds of affiliates recruited to conduct ransomware operations using LockBit tools and infrastructure. Ransom payments were divided between the LockBit core team and the affiliates, who received on average three-quarters of the ransom payments collected.”

Neowin has carried some coverage about LockBit over the years. In 2023, for example, we reported that a partner of TSMC had been affected by LockBit and that the hackers were demanding a ransom of $70 million from TSMC otherwise they would publicly release stolen data.

With any luck, this action by law enforcement will be a knockout blow for the criminals involved with the ransomware. We’ll have to wait and see if any other actors fill in the gap left by those who have been apprehended.

Source: Europol

Report a problem with article
stardock on arm
Next Article

ARM support arrives for Start11 v2, Fences 5, and Groupy 2 with Object Desktop Insider

Firefox 123 logo
Previous Article

Firefox 123 is out with search for Firefox View, website compatibility reporting, and more

Join the conversation!

Login or Sign Up to read and post a comment.

0 Comments - Add comment