Law enforcement agencies from several countries seize servers of hacker group LockBit

Following the joint operation “Cronos”, law enforcement authorities from the United States, Europe, Australia, and Japan have successfully infiltrated some resources belonging to LockBit, a hacker collective known for developing ransomware with the same name.

The official LockBit website released a statement highlighting the participation of members from the National Crime Agency (NCA, UK), the US Federal Bureau of Investigation (FBI), Europol, as well as national law enforcement agencies from various countries including France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany. The representatives from the NCA and the US Department of Justice (DOJ) stated that the operation is still ongoing and expanding. In the US alone, LockBit affected more than 1700 organisations across various industries such as finance, food provision for schools, transportation companies, and government agencies.

According to LockBit, despite the successful infiltration by law enforcement, their backup servers, which weren’t running PHP, were unaffected and are still operational. The hackers’ resources were exploited using the PHP vulnerability CVE-2023-3824.

The aftermath of the operation

Cybersecurity specialists initially suspected that the LockBit virus, which started circulating in hacker forums in 2020, had Russian origins. However, the group insisted on their now-defunct darknet site that they are based in the Netherlands and are solely interested in monetary gain. Past victims of the LockBit virus include the British Royal Mail and Boeing, whose internal data was leaked online.

When affiliated hacker groups tried to access the virus control panel, they discovered a notice stating that government agents had obtained the source code, details of attack victims, ill-gotten funds, chat logs, and other valuable information. The notice promised that more details would be revealed on the LockBit site on February 20, at 11:30 GMT (14:30 MSK).

Don Smith, Vice President of Secureworks, a subsidiary of Dell Technologies, reported that LockBit is the dominant ransomware operator, accounting for 25% of the market. Its closest competitor, Blackcat, holds approximately 8.5% of the market share.
