World’s Biggest Ransomware Group Shut Down, Domains Seized in Global Operation

The DoJ joined the UK and international law enforcement partners to announce the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world.

WASHINGTON, D.C. – The operations of infamous ransomware group LockBit have been shut down, their domains seized, and several high-ranking members placed under arrest as the result of a recent digital takedown carried out by an international law enforcement operation.

Operation Cronos, the code name of a joint effort made up by agencies representing 11 countries – Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the United Kingdom, and the United States, in coordination with Europol – has replaced the front pages of the seized LockBit domains with a banner that notifies the visitor “This site is now under the control of law enforcement.”

Reports indicate that the domains in question were shut down due to LockBit’s “flawed infrastructure,” including a critical security flaw impacting PHP (CVE-2023-3824, CVSS score: 9.8) that was exploited by authorities that allowed for remote code execution.

In addition, Operation Cronos also noted that in addition to the seized domains, they also have taken possession of “source code, details of the victims [LockBit has] attacked, the amount of money extorted, the data stolen, chats, and much, much more.”

The arrests of two LockBit actors in Poland and Ukraine were also announced, more than 200 cryptocurrency accounts linked to the organization were frozen, and the United States has unsealed indictments and sanctions against two Russian nationals who were are alleged to have been involved in carrying out attacks on behalf of the group.

Since initially emerging on the scene in September 2019, LockBit has been one of the most prolific and damaging ransomware organizations that has ever existed, having claimed over 2,000 victims since their inception and reportedly having extorted as much as $91 million from organizations in the United States.

ReliaQuest, a cybersecurity firm, stated in a recent report that LockBit had claimed 275 victims in the fourth quarter of 2023, far more than any other ransomware group.