Lockbit Infrastructure Disrupted by Global Law Enforcers | #ransomware | #cybercrime

Notorious ransomware gang Lockbit has been taken down by a global law enforcement operation.

The UK’s National Crime Agency (NCA) teamed up with the FBI, Europol and others on “Operation Cronos,” according to a message displayed on Lockbit’s leak site.

According to screenshots posted on X (formerly Twitter), the group’s affiliate panel has also been seized by law enforcement, as well as internal data including chat messages, source code and details on victims and extortion payments.

“You can thank Lockbitsupp and their flawed infrastructure for this situation … we may be in touch with you very soon,” reads a message posted by law enforcement to the affiliate panel. Lockbitsupp is the handle of the believed ringleader of the ransomware group.

In a brief statement, an NCA spokesperson confirmed that the agency had led a coordinated takedown of the group’s current infrastructure and added that the situation was “ongoing and developing.”

Security researchers vx-underground claimed that at least 22 Tor sites associated with Lockbit had been seized and/or taken down by law enforcement.

Read more on Lockbit: LockBit Remains Top Global Ransomware Threat

It cited the group’s administrator as claiming law enforcement had managed to compromise its infrastructure by exploiting CVE-2023-3824. This is a critical PHP vulnerability which could lead to a stack buffer overflow and potentially memory corruption or remote code execution.

Lockbit has dominated the ransomware threat landscape over the past two years, demanding tens of millions of dollars in ransoms from big-name targets including the Royal Mail, chip giant TSMC and the state of California.

A recent report claimed it had listed 275 victims on its leak site during Q4 2023 alone.

However, as William Wright, CEO of Closed Door Security, argued, Operation Cronos is unlikely to lead to any arrests – as most ransomware actors are sheltered in states out of the reach of Western law enforcers.

“The one caveat to this takedown is that it may not spell absolute demise of Lockbit. The attackers could resurface under new branding as we have seen with DarkSide to BlackMatter to BlackCat, and many others,” he added.

“Enterprises must therefore continue to protect their networks against ransomware. While law enforcement is making good progress, the battle is not over yet.”

More news will be available from the NCA at 11.30 GMT.

Source link


National Cyber Security