LockBit website seized and operations disrupted by the FBI and NCA

LockBit’s website has been seized and its ransomware operations disrupted by international law enforcement agencies. Under the auspices of “Operation Cronos,” a joint investigation by 11 separate law enforcement services, the site now appears to be under the control of the UK’s National Crime Agency (NCA) and the US Federal Bureau of Investigation.

“This site is now under the control of [t]he National Crime Agency of the UK, [w]orking in close cooperation with the FBI and the international law enforcement task force, Operation Cronos,” reads a new banner appearing on LockBit’s website. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation.”

If lasting, the disruption of LockBit’s operations by a joint task force of 11 law enforcement agencies could remove a major ransomware gang from the cybercrime landscape. (Photo by VectorPixelStar/Shutterstock)

LockBit appears to have been undermined by PHP exploit

According to BleepingComputer, LockBit’s ancillary ransom negotiation sites are also down, though websites used to send private messages to members of the gang and host data appear to be online. If the statements of the assumed ringleader of the cybercriminal enterprise are to be believed, then the gang’s operations were disrupted by a PHP exploit deployed by the FBI. 

“FBI fucked up servers via PHP,” read the message from the pseudonymous ‘LockBitSupp’ on the Tox messaging service used by some LockBit members to communicate with each other. “Backup servers without PHP can’t be touched.”

LockBit’s affiliate panel also appears to have been seized by members of Operation Cronos, along with victim information, source code and internal group chats. “You can thank Lockbitsupp and their flawed infrastructure for this situation,” reads another message from law enforcement agencies posted on the panel. “[W]e may be in touch with you very soon.”

Gang notorious for double extortion methods

LockBit was first observed by cybersecurity researchers in September 2019. According to Blackberry, it primarily targets SMEs, buying access to compromised networks or else breaking into companies by exploiting unpatched vulnerabilities, among other methods. Once inside a company’s systems, LockBit hackers begin acquiring information about the network and attempt to establish control over it before issuing their ransom demands. These usually involve two forms of extortion: forcing the victim to pay a ransom to reacquire their data, and then an additional fee to prevent it being published on one of LockBit’s victim sites. 

LockBit has also proven adept at wreaking havoc at major corporations and public institutions. In summer 2022, the group’s malware was used to cripple the NHS’ 111 helpline. The following year, LockBit also hacked the Japanese port of Nagoya, semiconductor giant TSMC and Varian Medical Systems. In the last of these cases, the gang threatened to leak confidential medical data belonging to cancer patients if their ransom demands were not met.
