In a significant international crackdown, the Lockbit ransomware gang has been disrupted by a coalition of law enforcement agencies including Britain’s National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, and other international partners under ‘Operation Cronos’. This rare and coordinated effort has led to the control of Lockbit’s extortion website by authorities, as confirmed by a post on the gang’s site and an NCA spokesperson.
Despite Lockbit’s claim of having backup servers unaffected by the crackdown, the operation marks a crucial blow to one of the most formidable ransomware groups, known for attacking global organizations and demanding hefty ransoms. The collaborative operation involved police organizations from a range of countries including France, Japan, Switzerland, Canada, Australia, Sweden, the Netherlands, Finland, and Germany.
Lockbit, which surfaced in 2020 on Russian-language cybercrime forums, has operated a highly successful ransomware business model, recruiting affiliates to deploy its digital extortion tools against targets worldwide. Despite its claims of being apolitical and solely profit-driven, the group has been implicated in numerous high-profile attacks, including incidents involving Boeing and Britain’s Royal Mail.
The disruption of Lockbit is seen as a significant victory against ransomware operations, with officials in the U.S. previously labeling the group as the top global ransomware threat. As the investigation continues to unfold, the law enforcement message replacing Lockbit’s affiliate control panel warns of further actions, indicating a potentially new phase in the fight against cybercrime.