US and UK law enforcement agencies have seized the infrastructure of LockBit, a notorious ransomware-as-a-service operation with ties to Russian-speaking cybercriminals. This takedown, known as Operation Cronos, was conducted jointly by British and American authorities and represents the latest strike against the booming ransomware-as-a-service market.
LockBit, the Russian-speaking cybercriminal group, has attacked multiple organizations worldwide since its emergence in 2019. LockBit offered its services as RaaS: the group provided its affiliates with access to its ransomware tools and infrastructure, and the affiliates, in turn, carried out the attacks themselves. This setup allowed LockBit to maintain anonymity and distance itself from the direct execution of the attacks, while the core LockBit team developed the ransomware tools and managed the infrastructure. This decentralized structure has allowed LockBit to rack up an enormous victim count, with over 3000 known targets across multiple continents.
The group’s dark web leak site now displays a seizure notice, indicating that critical infrastructure, including potentially “source code, details of victims, stolen data, and communication logs,” has been compromised. This information could prove invaluable in future investigations and prosecutions.
This case follows a series of recent actions by U.S. authorities against individuals associated with LockBit, a notorious ransomware group responsible for numerous cyberattacks targeting critical infrastructure worldwide. In June 2023, the U.S. Department of Justice accused a Russian hacker, Ruslan Magomedovich Astamirov, of being part of the LockBit group, and in November 2022, charges were filed against Mikhail Vasiliev, a dual Russian-Canadian national, for his alleged involvement with LockBit.