Law enforcement agencies arrest two LockBit operators in Poland and Ukraine, issue three arrest warrants, offer a decryption tool, and seize 200+ crypto wallets
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool …
BleepingComputer Sergiu Gatlan
Related Coverage
- U.S. and U.K. Disrupt LockBit Ransomware Variant US Department of Justice
- Authorities disrupt operations of notorious LockBit ransomware gang TechCrunch · Carly Page
- Law enforcement disrupt world's biggest ransomware operation Europol
- International investigation disrupts the world's most harmful cyber crime group National Crime Agency
- A Global Police Operation Just Took Down the Notorious LockBit Ransomware Gang Wired · Matt Burgess
- Lockbit: UK leads disruption of major cyber-criminal gang BBC · Gordon Corera
- LockBit cartel disrupted “at every level” - Europol Cybernews.com · Vilius Petkauskas
- Law Enforcement Trolls World's Biggest Ransomware Gang Forbes · Davey Winder
- US Charges Two Russian Nationals for Lockbit Ransomware Attacks PCMag · Kate Irwin
- UK and US hack the hackers to bring down LockBit crime gang The Guardian · Alex Hern
- Law enforcement agencies disrupt prolific ransomware group LockBit Associated Press
- Lockbit cybercrime gang disrupted by Britain, U.S. and EU Reuters
- LockBit Takedown by Brits — Time for ‘Operation Cronos’ Security Boulevard · Richi Jennings
- LockBit ransomware gang shut down? Website for notorious criminal gang no longer operational TechRadar
- NCA's LockBit Takedown: Source Code, Arrests and Recovery Tool Revealed Hackread · Waqas
- National Crime Agency smashes LockBit infrastructure, grabs 1,000 decryption keys The Stack · Joe Fay
- U.S. and U.K. Disrupt LockBit Ransomware Variant The Justice Department on YouTube
- LockBit smashed: Notorious cyber crime group which targeted 1,700 firms worldwide is dismantled London Evening Standard · Martin Bentham
- Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow To Operation SecurityWeek · Eduard Kovacs
- Okay, this is some expert trolling. I was going through all the different Lockbit sites on the dark web, and found one that at first glance appeared to be still functioning as a data leak site. — Upon closer inspection, the feds just used the existing design and replaced all the victim data with press releases about arrests and the distribution of free Lockbit decryption keys. … @briankrebs@infosec.exchange · BrianKrebs
- So there's loads more to come on the LockBit takedown, including new info on how they exfiltrate data and such. — One extra bit of info - even after companies paid the ransom, LockBit were keeping the data - it was on the servers the NCA seized. @GossiTheDog@cyberplace.social · Kevin Beaumont
- The finger pointing on the cybercrime forums has started in re the Lockbit takedown, and it's fairly entertaining as usual. — One of the admins posted that they believe the FBI/NCA got in by exploiting a known vulnerability in PHP. … @briankrebs@infosec.exchange · BrianKrebs
- A really legendary bust/troll of the LockBit ransomware group unveiled. Well done UK National Crime Agency and partners. Apparently PHP bug CVE-2023-3824. #infosec — [image] @jkirk@infosec.exchange · Jeremy Kirk
- This is what the LockBit site looks like now. — [image] @metacurity@infosec.exchange
- LockBit ransomware disrupted by global police operation BleepingComputer · Sergiu Gatlan
- LockBit gang hobbled by international takedown SC Media · Simon Hendery
- Operation Cronos Obliterates LockBit Operations Metacurity · Cynthia Brumfield
- US indicts two Russian nationals in Lockbit cybercrime gang bust Reuters
- FBI and allies seize dark-web site of world's most prolific ransomware gang CNN · Sean Lyngaas
- LockBit ransomware site seized by law enforcement Silicon Republic · Leigh Mc Gowran
- LockBit Down! — LockBit Ransomware's infrastructure has been seized through a global joint law enforcement action. Ransomware · Allan Liska
- Notorious cyber crime gang Lockbit disrupted by NCA, FBI and international coalition Sky News · Niamh Lynch
- LockBit website seized and operations disrupted by the FBI and NCA Tech Monitor · Greg Noone
- Royal Mail hackers LockBit hobbled by global law enforcement Financial Times · Tim Bradshaw
- Group claiming responsibility for Fulton County hack ‘disrupted’ by international law enforcement WSB-TV
- Operation Cronos: law enforcement disrupted the LockBit operation Security Affairs · Pierluigi Paganini
- LockBit gang members arrested in Poland and Ukraine ComputerWeekly.com · Alex Scroxton
- Broken LockBit: Ransomware Group Takedown Will Have Impact BankInfoSecurity.com · Mathew J. Schwartz
- Law enforcement seizes top ransomware gang's website Axios · Sam Sabin
- LockBit website siezed, operations disrupted in joint international law enforcement operation TechSpot · Rob Thubron
- LockBit takedown is a “huge win for law enforcement”, but let's not celebrate too soon, security experts warn ITPro · Ross Kelly
- Crypto Ransomware Operator LockBit Taken Down in a Global Operation Cryptonews · Jai Pratap
- LockBit Cyber Gang, Responsible For Ransomware Attacks On TSMC, Boeing, Thwarted By FBI Benzinga · Ananya Gairola
- LockBit ransomware gang disrupted by global operation The Register · Simon Sharwood
- LockBit Ransomware Gang Domains Seized in Global Operation Hackread · Waqas
- Developing: LockBit disrupted by law enforcement DataBreaches.net
- LockBit, the world's worst ransomware, is down Malwarebytes
- Site run by cyber criminals behind Fulton County ransomware attack taken over WAGA-TV · Tyler Fingert
- LockBit ransomware's domain seized by law enforcement Cybernews.com · Vilius Petkauskas
- LockBit Infrasttructure Seized By US, UK Police DeviceSecurity.io · Akshaya Asokan
- LockBit digital gang disrupted by international law enforcement in ‘Operation Cronos’ CBC News
- FBI, British authorities seize infrastructure of LockBit ransomware group CyberScoop · AJ Vicens
- Just to be super clear, 3 different LockBit services are still online: — http://lockbit7z2jwcskxpbokpemdxmltipnt wlkmidcll2qirbu7ykg46eyd.onion/ http://lockbitfile2tcudkcqqt2ve6btssyvq wlizbpv5vz337lslmhff2uad.onion/ http://lockbitnotexk2vnf2q2zwjefsl3hjsn k4u74vq4chxrqpjclfydk4ad.onion/ … @GossiTheDog@cyberplace.social · Kevin Beaumont
- LockBit still have infrastructure online, which is still counting up in terms of uptime. — It's pretty mind boggling to me that for 4 years 170 days, these guys have been doing horse carriage robbery of schools and hospitals and.. uh... they just did it. — (Also, yes, they have a bug bounty that pays better than most large orgs). … @GossiTheDog@cyberplace.social · Kevin Beaumont
- Looks like the FBI and UK's National Crime Agency have seized the website for ransomware group Lockbit. Apparently they are releasing more details of “Operation Cronos” tomorrow (Feb. 20). — [image] @briankrebs@infosec.exchange · BrianKrebs
Discussion
-
@zackwhittaker@mastodon.social
Zack Whittaker
on mastodon
LockBit's now-seized dark web site, which is run by the U.S and U.K. authorities, is packed with information about the operation, with more to come. — More: https://techcrunch.com/... [image]
-
@zackwhittaker@mastodon.social
Zack Whittaker
on mastodon
New, by @carlypage: It's LockBit takedown day. — As part of Operation Cronos, law enforcement agencies have seized 34 servers, arrested two alleged LockBit actors, seized 200 cryptocurrency accounts, and released a decryption tool. — More to come today... https://techcrunch.…
-
@s0ufi4n3
Soufiane
on x
Okey trolling is fun...but seriously -_- [image]
-
@charliek65
Charlie
on x
Operation #Cronos shows some great insight as to how the group and affiliates ran. Screenshots from the admin backend. [image]
-
@nca_uk
@nca_uk
on x
Today, after infiltrating the group's network, the NCA has taken control of the infrastructure that allows the Lockbit service to operate, compromising their entire criminal enterprise and damaging their credibility.
-
@nca_uk
@nca_uk
on x
The NCA, working closely @SWROCU and @FBI, and supported by international partners from nine other countries, have been covertly investigating Lockbit as part of a dedicated task force called Operation #Cronos.
-
@rik_ferguson
Rik Ferguson
on x
As a result of our work, <..>. The Agency has obtained over 1,000 decryption keys and will be contacting UK-based victims in the coming days and weeks to offer support and help them recover encrypted data. https://www.nationalcrimeagency.gov.uk/ ...
-
@swrocu
@swrocu
on x
A landmark moment for UK law enforcement in the fight against cybercrime - a collective effort by us, NCA, FBI and others to disrupt the world's most harmful cybercrime group. #Cronos
-
@ericgeller
Eric Geller
on x
Here are this morning's announcements about the international takedown of LockBit's infrastructure: https://www.justice.gov/... https://www.nationalcrimeagency.gov.uk/ ... Two alleged members arrested, two more indicted, group and affiliate infrastructure shut down, 200 cryptocu…
-
@rik_ferguson
Rik Ferguson
on x
Patch now is too late for #LockBit The ransomware group claims that law enforcement compromised them by exploiting CVE-2023-3824 (PHP). LE have seized control of most of LockBit's web sites, inc. affiliate panel where they warned affiliates they'll “be in touch soon.” [image]
-
@fbi
@fbi
on x
The #FBI and its U.K. partners have indicted two Russian nationals and disrupted the LockBit ransomware group, affecting more than 2,000 victims worldwide. Victims may be able to restore compromised systems with newly developed decryption capabilities. https://www.justice.gov/...…
-
@ciaranmartinoxf
Ciaran Martin
on x
Lots more to say later but for now: We all - particularly vulnerable business owners & organisational leaders - owe @NCA_UK & partners our unqualified thanks & congrats for leading one of the most impressive & impactful counter-cyber crime operations ever #lockbittakedown [image]
-
@jamescleverly
James Cleverly
on x
We won't allow criminals to threaten UK security. Those behind LockBit sell ransomware to make billions off the backs of victims. Thanks to @NCA_UK's global capabilities, we have infiltrated their network and crippled the operations of the most harmful cyber group in the...
-
@ncsc
@ncsc
on x
Today, law enforcement has taken control of technical infrastructure which underpins the Lockbit operation. Read our statement here👇 https://www.ncsc.gov.uk/...
-
@ciaranmartinoxf
Ciaran Martin
on x
It's true that law enforcement ops against cyber criminals are whack-a-mole. but this one against Lockbit is kind of like machine gunning or bombing a whole mole hill rather than whacking an individual mole to be fair
-
@malwarebytes
@malwarebytes
on x
International law enforcement are using LockBit's leak site to leak information about their LockBit takedown 🏆😆🤣🤣🤣 [image]
-
@1br0wn
Ian Brown
on x
One of the few effective ways law enforcement can respond to ransomware groups based in jurisdictions which won't cooperate in prosecute or extradite them. Will Russia raise the stakes by providing infosec protection to its gangs? (Hard for anyone else to defend against 5👀)
-
@gordoncorera
Gordon Corera
on x
“We have hacked the hackers” - UK's National Crime Agency head says revealing operation to disrupt what is thought to be largest criminal ransomware group. The NCA infiltrated systems belonging to Lockbit and stole its data. https://www.bbc.com/...
-
@mikko
@mikko
on x
The takedown of Lockbit tor sites by law enforcement is a big deal. Our data shows that Lockbit was the biggest ransomware group, behind 21% of all attacks in 2023. Lockbit has attacked thousands of organizations over the last 5 years, and collected a fortune in ransom payments. …
-
@imposecost
Andrew Thompson
on x
They need to give these two LockBit actors minimum 20 years in prison. If they slap them with the normal 7, it's weak.
-
@fbi
@fbi
on x
#FBI Deputy Director Paul Abbate announced the successful disruption of the LockBit Ransomware Variant alongside our U.K. partners. If LockBit ransomware has victimized you or your organization, visit https://lockbitvictims.ic3.gov/ to learn possible decryption capabilities. [vid…
-
@thejusticedept
@thejusticedept
on x
U.S. and U.K. Disrupt LockBit Ransomware Variant U.S. Indictment Charges Two Russian Nationals with Attacks Against Multiple U.S. and International Victims; FBI Seizes Infrastructure; and Department of Treasury Takes Additional Action Against LockBit 🔗: https://www.justice.gov/..…
-
@paulbranditv
Paul Brand
on x
Rare to see a line-up like this. National Crime Agency, FBI, Europol... in fact police from ten different countries. They've hacked the hackers behind Lockbit, the most egregious ransomware, which has crippled thousands of companies worldwide, from Royal Mail to Boeing. [image]
-
@uk_daniel_card
@uk_daniel_card
on x
Honestly, today's news about Lockbit etc. is great news! this cyber game is often filled with doom and gloom (if you have ever walked into an org that's been ransomware it's like a digital bomb site - this stuff not only causes financial harm, but it causes masses of emotional...
-
@uid_
Rickey Gevers
on x
Oh man, the troll level of @NCA_UK: “doesnt_look_good.png” #Lockbit [image]
-
@nca_uk
@nca_uk
on x
The NCA reveals details of an international disruption campaign targeting the world's most harmful cyber crime group, Lockbit. Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime. [video]
-
@joetidy
Joe Tidy
on x
Very interesting - NCA says that whilst searching through seized servers of LockBit they found data belonging to some victims who had already paid the gang's ransom. So - more evidence that paying these criminals does not mean that your data is deleted as they promise.
-
@europol
@europol
on x
🚨 Europol & law enforcement from 10 countries disrupt world's biggest ransomware operation. 💻 LockBit, seen as the world's most prolific and harmful ransomware, caused billions of euros worth of damage. More information ⤵️ https://www.europol.europa.eu/ ... [image]
-
@uk_daniel_card
@uk_daniel_card
on x
hahahaha #fucklockbit ! great work @NCA_UK and partners! [image]
-
@uk_daniel_card
@uk_daniel_card
on x
honestly this is GRADE A quality trolling! My DMs are filled with people celebrating Lockbit being taken down! 🥳🇬🇧🛡️🤟🤟🤟🤟 [image]
-
@uid_
Rickey Gevers
on x
Damn, Lockbit was completely pwned.
-
@lawrenceabrams
Lawrence Abrams
on x
Wow... law enforcement turned LockBit's data leak site into a massive press release. [image]
-
@aejleslie
Alexander Leslie
on x
🔒 Operation Cronos 🔒 - 34 servers seized. - 2 LockBit actors arrested. - 3 arrest warrants issued. - 5 indictments issued. - 200 cryptocurrency accounts frozen. - 14,000 “rogue accounts responsible for exfiltration or infrastructure” closed. - Decryption tool released.
-
@vxunderground
@vxunderground
on x
When a Lockbit affiliate tries to log into the Lockbit panel this is what they see [image]
-
@azalsecurity
@azalsecurity
on x
Lockbit just emailed this to all of their affiliates. [image]
-
@vxunderground
@vxunderground
on x
Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. [image]
-
@vxunderground
@vxunderground
on x
Lockbit ransomware group administration claims that law enforcement agencies compromised them by exploiting CVE-2023-3824 More information: https://nvd.nist.gov/...
-
@vxunderground
@vxunderground
on x
“We can confirm that Lockbit's services has been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation. Return here for more information at: 11:30 GMT on Tuesday 20th Feb” [image]
-
@swiftonsecurity
@swiftonsecurity
on x
Even ransomware fucks can't keep on top of patches for exploits THEY use. We have built a world of glass cannons.
-
@malwrhunterteam
@malwrhunterteam
on x
“We can confirm that Lockbit's services have been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation.” “Return here for more information at: 11:30 GMT on Tuesday 20th Feb.” “Operation Cronos” 🤔 [image]
-
@ciaranmartinoxf
Ciaran Martin
on x
Guess we're about to find out if #lockbit have good backups and an effective business continuity & recovery plan 😂
-
@uk_daniel_card
@uk_daniel_card
on x
#Lockbit is Tango Down! [image]
-
@cyber_sgt_maj
@cyber_sgt_maj
on x
It's a bit shit when Lockbit offer more support to their customers after a breach than most legitimate companies. Maybe a lesson to learn? [image]
-
@malwrhunterteam
@malwrhunterteam
on x
I'm not really sure revealing publicly that you tried to help the LockBit ransomware gang make their shit more secure is a good idea... 😂 🤷♂️ [image]
-
@thegrugq
@thegrugq
on x
Are lockbit affiliates going to get 12 months of free credit monitoring? What is lockbit doing to make this right?!
-
@megbrownlawyer
Megan Brown
on x
This is a “big f-ing deal” to quote a certain politician. 😊 glad to see governments taking the fight to the bad guys. #cyber
-
@joetidy
Joe Tidy
on x
The LockBit gang takedown looks pretty thorough. Big disruption to the big bad of cyber. Multiple security firms have LockBit as the most prolific group of 2023. We've been here before of course and another crew will rise up but we love to see the hackers get hit. [image]
-
@swiftonsecurity
@swiftonsecurity
on x
I follow a lot of cyber people - and there is a LOT of rejoicing about #lockbit ransomware group being taken down. Big respect to everyone who contributed to a massive win! 🫡
-
@shashj
Shashank Joshi
on x
Big news. Another ransomware begemoth is taken down. “This site is under the control of the @NCA_UK, working in close cooperation with the @FBI.” My piece from last month on the utility & limitations of offensive cyber operations v cybercriminal groups: https://www.economist.com/…
-
@lisaforteuk
Lisa Forte
on x
Unbelievably those folks with a LockBit tattoo now look even more stupid
-
@gazthejourno
Gareth Corfield
on x
Rather big news from the cyber world: Lockbit, the Russian ransomware gang that tried to extort £66m from Royal Mail, has had its website seized by law enforcement including the National Crime Agency.