International law enforcement operation disrupts LockBit ransomware gang and offers victims free decryption tool.
The campaign was dubbed Operation Cronos and was a collaboration between the U.K.’s National Crime Agency (NCA), the Europol, the FBI, and a coalition of international police agencies.
On February 20th, police officers arrested two LockBit threat actors in Poland and Ukraine: Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord). Both are Russian citizens.
As part of the Operation Cronos, the law enforcers:
- seized LockBit’s data leak site
- took down 34 servers
- retrieved more than 1,000 decryption keys
- got the LockBit platform’s source code
- blocked over 200 cryptocurrency LockBit-linked accounts
- identified and referred for removal more than 14,000 rogue accounts worldwide
LockBit victims get free decryptor
The Japanese Police made the LockBit 3.0 decryptor. If you are one of the gang’s victims, read the How-to Guide and see if you can get your data back.
The guide offers two decryptor checkers that will tell you if recovery works in your case. If any of the tools will have a positive result, you’ll get an email address so you can ask for other information.
Source – NoMoreRansom.org
How big a threat was LockBit ransomware?
LockBit is one of the top three most lucrative Ransomware-as-a-Service gangs, along with BlackCat and Cl0p. According to security analysts, the threat group is based in Russia.
CISA named LockBit “the most deployed ransomware variant across the world” in 2022.
Researchers first observed the malware under this name in January 2020, on a Russian-language dark forum. The FBI said since then LockBit has been responsible for more than 1700 attacks in the US alone.
The amount of ransom payments they’ve collected in four years of activity raised to $120 million, according to the U.S. Department of Justice.
Most of the criminals who operate LockBit are just after the cash, but for the most notorious, it’s all about being savvier and smarter than everyone else. This intense investigation shows the FBI Newark, and our international law enforcement partners are disrupting these cyber groups, and more importantly – we are getting victims their information back.
James E. Dennehy, FBI – Newark Special Agent in Charge
LockBit hackers hit victims all over the world, regardless their area of activity. Any organization, from banks, retailers, communication services, schools, healthcare institutions, etc. could have been a target.
Some of the most famous LockBit attacks were:
- Britain’s National Health Service, August 2022
- Continental, November 2022
- Royal Mail, January 2023
- Taiwan Semiconductor Manufacturing Company (TSMC), June 2023
- Boeing, November 2023
Won a battle, not the war
While LockBit’s fall is celebrated all across the internet, Security Administrators should remain alert. Although the gang received a huge blow, they still got access to some of their backup servers.
Ransomware gangs are like a Hydra – you close one and two others are coming up.
Robertino Matausch, cybersecurity expert @Heimdal Security
To protect your sensitive information from encryption and prevent data loss, here’s a shortlist of ransomware prevention best practices:
- Use end-to-end encryption when transmitting sensitive data
- Use DNS filtering to block malicious communication and data exfiltration attempts
- Apply a Zero-Trust policy
- Keep all software on all devices patched
- Enable multi-factor authentication
- Enforce a strong password policy
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.