February 20, 2024 at 06:34AM
Law enforcement arrested two operators of the LockBit ransomware gang, seized over 200 crypto-wallets, and developed a decryption tool in an international operation. French and U.S. authorities issued arrest warrants and indictments. Europol and other agencies coordinated the crackdown. The initiative, named Operation Chronos, disrupted LockBit’s primary platform and seized infrastructure. Decryption keys were retrieved, and a free tool for victims was developed.
Based on the meeting notes, the key takeaways are:
1. Law enforcement in Poland and Ukraine arrested two operators of the LockBit ransomware gang and seized over 200 crypto-wallets, leading to the creation of a decryption tool to recover encrypted files for free.
2. French and U.S. judicial authorities issued international arrest warrants and indictments targeting other LockBit threat actors, including two Russian nationals. The global crackdown, named Operation Chronos, was headed by the U.K. National Crime Agency and assisted by Europol and Eurojust.
3. The operation resulted in the compromise of LockBit’s primary platform and critical infrastructure, including the takedown of 34 servers in multiple countries.
4. Decryption keys were retrieved from the seized LockBit servers, allowing for the development of a LockBit decryption tool supported by Europol, the Japanese Police, the NCA, and the FBI, which is available via the ‘No More Ransom’ portal.
5. Law enforcement gained control of LockBit servers used for double extortion attacks and seized the group's dark web leak sites, its affiliate panel, and data related to victims and attacks.
6. The LockBit ransomware-as-a-service (RaaS) operation has been linked to high-profile attacks on organizations worldwide, extorting millions of dollars from U.S. organizations and leading to a data breach at Bank of America through a third-party service provider.
7. Recent international law enforcement operations have also resulted in the seizure of servers and dark web sites used by other ransomware groups, such as ALPHV (BlackCat) and Hive.
These takeaways highlight the significant impact of the global LockBit crackdown and ongoing efforts to dismantle ransomware groups, providing valuable insights for further action and strategic planning.