LockBitSupp, the administrator of the LockBit ransomware service, has reportedly engaged with law enforcement following the takedown of the ransomware-as-a-service operation in Operation Cronos. The group has faced challenges including suspicion of government infiltration, bans from cybercrime forums, and internal disputes. The group's next generation variant, LockBit-NG-Dev, has been developed with new features to prevent reuse and resist analysis. The group is estimated to have made over $120 million in illicit profits and has ties to other Russian e-crime groups. Operation Cronos has dealt a significant blow to LockBit's ability to continue its ransomware activities.
Law enforcement agencies have arrested two members of the LockBit ransomware gang in Poland and Ukraine, seized over 200 crypto-wallets, and released a decryption tool to recover encrypted files for free as part of a global crackdown operation called Operation Cronos. The operation also resulted in the takedown of LockBit's primary platform and other critical infrastructure, with over 14,000 rogue accounts identified and referred for removal. The gang had over 2,000 victims and collected more than $120 million in ransom payments, and the U.S. Justice Department has issued indictments against other LockBit threat actors.
Law enforcement agencies from 11 countries have disrupted the LockBit ransomware operation in a joint operation known as "Operation Cronos," seizing control of the gang's data leak website and affiliate panel. The National Crime Agency of the UK, working with the FBI and international law enforcement, has taken down LockBit's services, including ransom negotiation sites. The gang's victim list includes high-profile organizations such as the UK Royal Mail, the City of Oakland, and the Bank of America, with cybersecurity authorities estimating that the gang has extorted at least $91 million from U.S. organizations since 2020.
