Scroll Top
Republic of Trinidad and Tobago

Law Enforcement LockDown LockBit Ransomware Operation


In a significant blow to cybercrime, law enforcement agencies from 11 countries have joined forces in a coordinated effort dubbed “Operation Cronos” to disrupt the operations of LockBit, a notorious Russian-speaking cybercriminal group specializing in ransomware attacks. The operation marks the latest in a series of successful takedowns targeting digital criminal enterprises.

LockBit, a prominent ransomware-as-a-service (RaaS) operation, has long been a thorn in the side of cybersecurity professionals, emerging on the scene in 2019. Its modus operandi involves recruiting affiliates to carry out the actual hacking, promising them hefty cuts of up to 75% of the ransom proceeds generated through its encryptor. Over the years, LockBit has amassed over 3,000 known victims, although the actual number is believed to be much higher. While an accurate figure is near impossible to attain, the estimated figures are staggering. In the US alone, it is estimated that LockBit Ransomware has cost approximately 1700 victims more than US$90 million from 2020 – 2023. With an estimated average Ransomeware of US$85,000 and the potential of 3000 victims worldwide to have paid, that amounts to over US$225 million – again, all estimates but huge figures nonetheless.

The recent action saw law enforcement seizing the infrastructure of LockBit, effectively crippling its operations. Affiliates attempting to access the group’s administrative panel were greeted with a stark notice indicating that authorities had seized crucial information, including source code, victim details, ransom amounts, stolen data, and chat records.

“All the information held on there [LockBit’s platform] has been obtained. This information relates to the Lockbit group and you, their affiliate,” reads the message displayed on the seized panel.

LockBit’s reign of digital extortion has targeted a diverse array of organizations, ranging from financial institutions like the New York subsidiary of the Industrial and Commercial Bank of China to government entities such as the Italian Internal Revenue Service. Notably, a recent attack on Infosys McCamish Systems (IMS), a service provider for Bank of America, led to a data breach exposing customers’ personal information.

The successful operation against LockBit comes on the heels of intensified international collaboration in combating ransomware threats. The Biden administration’s establishment of an international ransomware task force, comprising 37 governments committed to intelligence sharing, has played a pivotal role in facilitating coordinated actions like Operation Cronos.

“While today’s takedown is a significant blow to the ransomware ecosystem, it’s important to recognize that without the arrest of central figures within the operation, the threat may resurface under a different guise,” cautions Allan Liska, a principal intelligence analyst with Recorded Future.

Indeed, the digital landscape remains fraught with challenges, and cybercriminals are known to adapt swiftly in the face of enforcement actions. Nevertheless, Operation Cronos stands as a testament to the collective resolve of global law enforcement agencies in combating the scourge of ransomware and safeguarding digital infrastructure against malicious actors.