LockBit ransomware gang shut down? Website for notorious criminal gang no longer operational

security
(Image credit: Shutterstock / binarydesign)

One of the most disruptive and, arguably, most influential, ransomware groups in recent years has had its website seized by the authorities. 

Not only that, but all of the data held by Russia-based LockBit, including information stolen from its victims, was also seized.

The ransomware operator’s website, where it posts all of its victims and the data it stole from them, was defaced on Monday night. It was replaced with a message saying “This site is now under the control of law enforcement.”

Affiliates under pressure

“The site is under the control of the National Crime Agency of the UK, working in close co-operation with the FBI and the international law enforcement task force, 'Operation Cronos',” the announcement further stated.

As per the publication, the police was operating covertly for some time, before going public. Its technical experts made their way into LockBit’s systems and assumed control from the inside. “In doing so, they were able to steal a large amount of the criminal group’s own data about its activities,” the report states.

This is also important because many firms never admit falling victim to a ransomware attack, and this is the only way to know for certain, the scope and devastation LockBit wreaked. 

It is also worth mentioning that LockBit operates on a ransomware-as-a-service (RaaS) model, and allows other groups to log into the website. However, now when they log in, they get a message saying the police seized the data. “We may be in touch with you very soon,” it says. 

Ciaran Martin, the former head of the UK's National Cyber Security Centre told the BBC that this was “one of the most consequential disruptions ever undertaken” against a ransomware operator. “Certainly by far the biggest ever led by British police.”

Unfortunately, as the group is Russian, no arrests were made. It’s safe to assume LockBit will be back soon enough, in one form or another.

Via BBC

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.