cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

LockBit ransomware site seized by law enforcement

The world’s most prolific ransomware gang, LockBit, is the latest threat actor to have been thwarted by international law enforcement, with the group’s sites now displaying takeover declarations.

user icon Daniel Croft
Tue, 20 Feb 2024
LockBit ransomware site seized by law enforcement
expand image

“Operation Cronos”, a sting led by the National Crime Agency of the UK alongside law enforcement agencies from the US, Germany, Canada and Australia, has seen control of the threat group’s websites taken over.

“This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the sites now say.

“We can confirm that LockBit’s services have been disrupted as a result of international law enforcement action – this is an ongoing and developing operation.”


Other law enforcement agencies from around the world that contributed to the operation include Europol, the French Gendarmerie Nationale, the Finnish Poliisi, the German Bundeskriminalamt and the Australian Federal Police.

“In a significant victory for international cyber security, law enforcement agencies across the globe have successfully disrupted the operations of the notorious threat actor, LockBit,” wrote McGrathNicol partner Darren Hopkins in Linkedin.

“This collective achievement underscores the importance and effectiveness of global cooperation in the fight against cyber crime.

“The Australian Federal Police (AFP) contribution is a testament to Australia’s commitment to global cyber security efforts and highlights the critical need for collaboration across borders to address the evolving challenges in cyber space.

“This operation sends a strong message to cyber criminals everywhere: the international community stands united against cyber crime, and through cooperation and determination, we can protect our digital landscapes and bring perpetrators to justice.”

LockBit runs a high number of mirror URLs to ensure its site remains accessible, as well as engages high amounts of distributed denial-of-service (DDoS) protection. Cyber Daily, however, has observed that the threat group’s mirror sites are also inaccessible.

Tech publication BleepingComputer has reported that the gang’s ransom negotiation sites are also down, but they do not display the takedown banner.

The international law enforcement taskforce behind Operation Cronos is expected to release a joint statement tonight (20 February) at 9:30pm AEST. Cyber Daily will provide an update on this developing story as more information becomes known.

LockBit is widely considered the world’s largest and most prolific ransomware gang and has been a main player in the ransomware space since it first appeared in September 2019 as its former alias, ABCD.

The Russia-based group has hit some major targets, including Boeing last year, as well as one in every six attacks on US government offices, according to Trend Micro.

Cyber Daily observed that last week, LockBit listed 39 victims, almost a third of all 119 ransomware attacks for the week.

The takedown of LockBit comes not long after another prolific ransomware operator was taken down at the end of last year and again last month.

The ALPHV hacking group had its onion leak site seized in a global takedown operation led by the FBI last year.

While the group was back just days later, the group lost its entire database of prior breaches, including active ones it was awaiting ransom payments on.

The attack also led affiliates of the ALPHV ransomware-as-a-service (RaaS) to lose faith in the group, likely as they feared that law enforcement had infiltrated the back end and could monitor activity.

The ALPHV site was then taken down again in January after the group listed the data of US military contractor Ultra Intelligence & Communications. It is unclear if this was part of the first takedown operation.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.