February 20, 2024 at 08:51AM
The UK’s National Crime Agency seized LockBit’s source code and intelligence in Operation Cronos, arresting two actors and freezing 200 cryptocurrency accounts. The agency dismantled servers, retrieved decryption keys, and took control of LockBit’s services to disrupt its criminal enterprise. LockBit, known for its ransomware attacks, made over $120 million in profits.
Key takeaways from the meeting notes:
– The U.K. National Crime Agency (NCA) has acquired LockBit’s source code and gained intelligence on its activities through Operation Cronos.
– Data belonging to victims who paid ransom to LockBit was found on their systems, indicating that paying ransom does not guarantee the deletion of data as promised by the criminals.
– Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen.
– Indictments have been unsealed in the U.S. against two Russian nationals allegedly involved in LockBit attacks.
– LockBit runs a ransomware-as-a-service (RaaS) scheme and employs double extortion tactics to pressure victims into paying ransoms.
– Triple extortion, which includes distributed denial-of-service (DDoS) attacks, is used as an additional layer of pressure by LockBit.
– LockBit has used a custom data exfiltration tool codenamed StealBit for data theft.
– LockBit attacks have affected over 2,500 victims worldwide and generated illicit profits exceeding $120 million.
– The NCA has seized LockBit’s infrastructure and obtained keys to help victims decrypt their systems, effectively “locking out” LockBit and damaging their capability and credibility.
This information underscores the NCA’s successful efforts to disrupt LockBit’s criminal operations and the ongoing collaboration with international authorities to combat cybercrime.