In a decisive global counterstrike, an international taskforce has crippled notorious ransomware syndicate LockBit. Law enforcement agencies across 10 countries infiltrated its networks in a months-long investigation dubbed “Operation Cronos.”
LockBit gained infamy as the world’s most prolific extortionist gang, perpetrating thousands of attacks against entities like Boeing and Subway. Using a Ransomware-as-a-Service model, its core developers enabled a sprawling network of criminal affiliates.
Together, they squeezed victims through data encryption, leak threats and crippling DDoS attacks – extracting over $120 million in payments. But their reign of digital terror ended with authorities compromising essential infrastructure.
“We’ve hacked the hackers,” declared the UK’s National Crime Agency (NCA), which spearheaded the bust alongside Europol and Eurojust. Investigators seized 34 servers across Europe, North America and Australia.
The extensive breach yielded troves of insider data, helping identify key players. So far, there are five indictments and three international warrants. Two top LockBit actors were arrested in Ukraine and Poland.
Most importantly, the NCA now controls the technical backbone powering LockBit’s operations – including its infamous dark web data leak site.
“We’ve cut off their ability to launch new ransomware attacks by taking over their infrastructure,” explained the NCA. “And we’ve obtained decryption keys to help victims regain their data.”
Authorities also seized over 200 cryptocurrency wallets linked to the group’s extortion payments. The financial blows compound the operational havoc.
While remnants may rebuild, officials vow sustained surge operations against developers, affiliates and systems.
“LockBit may seek to rebuild, but we know who they are,” stated NCA Director General Graeme Biggar. “We will not stop targeting this group.”
