February 20, 2024 at 11:07AM
LockBit’s infrastructure has been dismantled by Western authorities in “Operation Cronos.” The UK’s National Crime Agency seized control of LockBit’s site and is promising a slow release of revelations. Two affiliates have been arrested, adding to previous arrests, and the DoJ has indicted two Russian nationals. Despite challenges, the takedown is a significant win, with servers taken down and cryptocurrency accounts frozen. More revelations are to come.
Key takeaways from the meeting notes:
1. Seizure of LockBit’s infrastructure: Western authorities have taken control of LockBit’s site and are gradually revealing information about the group’s activities. Two arrests of LockBit affiliates have been made in Ukraine and Poland, building upon previous arrests in the US and Canada.
2. Significance of arrests: While capturing affiliates is a win for law enforcement, the focus remains on targeting the leadership team and brains behind ransomware operations, as their capture has a more significant impact on disrupting these operations.
3. Disruption of LockBit: The takedown of LockBit, which had been the most prolific ransomware gang for the past two years, involves freezing cryptocurrency accounts, gathering data, and obtaining the platform’s source code and intelligence about the group’s activities.
4. Future disclosures: More information about the LockBit operation is set to be released throughout the week, including details about the group’s affiliate infrastructure, technical reports, and the grand reveal of LockBit’s leader.
5. Potential recovery of LockBit: LockBit claims that only servers running PHP elements were impacted and that its backups were untouched, possibly allowing for a swift recovery. However, authorities have not confirmed this, and there is speculation about the extent of the group’s compromise.
6. Law enforcement action: The collective effort of law enforcement agencies is expected to maximize disruption and impose maximum cost on LockBit, aiming to prevent their continued operation.
Overall, the meeting notes provide insights into the ongoing Operation Cronos and the efforts of authorities to dismantle LockBit’s infrastructure and disrupt its criminal activities.