Ransomware group LockBit threatened to release stolen data from Fulton County, Ga. unless a ransom was paid, but experts believe the group likely lost the data when its servers were seized by law enforcement. Despite claiming that the county had paid, officials stated they did not make any payments. The FBI and U.K.’s National Crime Agency took over LockBit’s infrastructure, and the group reemerged with new deadlines for data release. However, experts believe LockBit's recent activities are attempts to save face, and it's likely the end of the LockBit brand.
The ransomware gang LockBit threatened to leak documents from the criminal prosecution of Donald Trump in Fulton County, Georgia, but the threat mysteriously disappeared without any documents being released. This comes after a law enforcement takedown operation targeting LockBit. Fulton County officials denied paying a ransom, leaving unanswered questions about the potential existence and fate of the court documents. The situation raises concerns about the potential impact on the ongoing trial and the upcoming US presidential election.
After a recent law enforcement disruption, the LockBit ransomware gang has returned with updated encryptors and new servers for their attacks. Despite the disruption, they have set up new data leak and negotiation sites, and are actively recruiting experienced pentesters to join their operation, indicating a continued threat in the future.
LockBit ransomware gang claims to be back in action after law enforcement seized its servers and websites, threatening to release stolen documents related to Donald Trump's court cases and confidential data from Fulton County unless a ransom is paid. The group taunts law enforcement and claims that the seized decryption keys are of little use. The FBI, however, states that it will continue to assist victims and maintain disruptive activities against cyber actors.
The LockBit ransomware group has reemerged on the dark web with new infrastructure after a law enforcement takedown, moving its data leak portal to a new .onion address and alleging that the U.S. FBI hacked their infrastructure. Meanwhile, Russian authorities have arrested three individuals linked to the SugarLocker ransomware group, accusing them of operating under the guise of a legitimate IT firm and engaging in cybercriminal activities. The arrest of one of the individuals comes after financial sanctions were imposed against him for his alleged role in a ransomware attack against a health insurance provider.
LockBitSupp, the administrator of the LockBit ransomware service, has reportedly engaged with law enforcement following the takedown of the ransomware-as-a-service operation in Operation Cronos. The group has faced challenges including suspicion of government infiltration, bans from cybercrime forums, and internal disputes. The group's next generation variant, LockBit-NG-Dev, has been developed with new features to prevent reuse and resist analysis. The group is estimated to have made over $120 million in illicit profits and has ties to other Russian e-crime groups. Operation Cronos has dealt a significant blow to LockBit's ability to continue its ransomware activities.
The LockBit ransomware gang has accumulated over $110 million in unspent Bitcoin, with more than $125 million in ransom payments received over the past 18 months. The National Crime Agency (NCA) in the U.K., in collaboration with other agencies, identified and disrupted the group's infrastructure, uncovering 2,200 unspent bitcoins and discovering that the total ransom amounts are likely in the hundreds of millions. LockBit, which has been active since 2019 and targeted high-profile organizations, is one of the most prolific ransomware groups, with law enforcement agencies offering rewards for information on its members.
Law enforcement has shut down over 14,000 accounts on third-party services such as Mega, Tutanota, and Protonmail, used by affiliates of the LockBit ransomware service for exfiltration and infrastructure. This action severely hampers cybercriminal operations, with three alleged affiliates already arrested and more arrests planned. The National Crime Agency gained unprecedented access to LockBit's systems, and the U.S. Department of State announced a $15 million reward for information leading to the arrest or conviction of individuals involved in the LockBit gang.
Ukrainian police have arrested a father-son duo connected to the cybercrime gang Lockbit, following an international law enforcement operation led by the UK's National Crime Agency and the FBI. The duo is accused of carrying out ransomware attacks against enterprises, state institutions, and healthcare institutions in France. The arrests in Ukraine led to the seizure of 200 cryptocurrency accounts and 34 servers used by the gang in multiple countries. The joint operation, dubbed "Operation Cronos," also resulted in the arrest of a Lockbit gang member in Poland and the disruption of the group's core activities.
The US has offered a reward of up to $15 million for information on the leaders of the cybercrime group Lockbit, while police in Ukraine have arrested a father-son duo allegedly involved with the gang. This comes as part of a series of international law enforcement actions against Lockbit, with the US, UK, and EU disrupting the group and using their seized web page to taunt the hackers and provide a tool for victims to decrypt their data for free. Ukraine's police seized cryptocurrency accounts and servers used by the gang in multiple countries, effectively blocking their activities.
Law enforcement officials from 11 countries have collaborated to disrupt the activities of the notorious cybercrime group Lockbit, which has made over $120 million through ransomware attacks. The UK's National Crime Agency has taken control of the group's internal servers and website, and two arrests have been made in Ukraine and Poland. While Lockbit is threatening to rebuild, this operation is expected to significantly impede their ability to launch attacks in the near future.
An international task force led by Britain’s National Crime Agency, representing 11 countries’ law enforcement agencies including the FBI, has disrupted the operations of LockBit, one of the world’s most prolific criminal ransomware gangs. The group's network has been infiltrated, and the NCA has taken control of LockBit’s services, compromising their entire criminal enterprise. Two people were arrested in Poland and Ukraine, and over 200 cryptocurrency accounts were frozen. The malicious ransomware variant has been used to extort tens of millions of dollars from victims worldwide, and it is widely believed to be operated from Russia. The takedown is a significant step in the fight against cybercrime, but the wider effect will depend on whether law enforcement agents succeed in seizing source code, details of victims, and chats between affiliates.
Law enforcement agencies from the UK, US, and Europe have disrupted the prolific ransomware group LockBit, arresting two individuals and seizing 200 cryptocurrency accounts. The operation resulted in comprehensive access to LockBit's systems, including infrastructure control and decryption keys for victims. The syndicate, which has extracted $120 million from thousands of victims worldwide, has been linked to attacks on organizations such as the UK's Royal Mail, Boeing, and China's ICBC. While this operation is a significant blow to LockBit, cybersecurity experts caution that ransomware groups often rebrand and re-emerge under new names.
A global coalition of law enforcement agencies has successfully disrupted the ransomware group Lockbit, known for targeting American hospitals and schools, in one of the largest cybercrime takedowns to date. The takedown involved agencies from the United States, United Kingdom, and 12 other countries, resulting in the dismantling of Lockbit's infrastructure and the arrest of at least five alleged members. While the core suspects are still free to operate in Russia, the action aims to erode trust in the criminal ecosystem and prevent the group from rebuilding its empire.
An international law enforcement operation led by the UK's National Crime Agency and the FBI has resulted in the arrest and indictment of members of the Lockbit ransomware gang, known for targeting over 2,000 victims worldwide and receiving more than $120 million in ransom payments. The operation, dubbed "Operation Cronos," involved the seizure of Lockbit's infrastructure, the arrest of two gang members, and the freezing of 200 cryptocurrency accounts. The gang's website, previously used to display victim organizations and ransom deadlines, has been transformed by law enforcement agencies to expose internal data about the group and threaten upcoming sanctions and the identity of Lockbit's ringleader.
