© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

New series of actions against LockBit results in four arrests


An international coalition of law enforcement agencies engaged in the third phase of Operation Cronos, arresting four new suspects and seizing nine servers critical to LockBit’s infrastructure.

For a long time, LockBit was considered the most active and destructive ransomware operation in the world. Cybersecurity experts say the hacking group is responsible for over 2,500 victims in 120 countries, including high-profile targets like Bank of America, Boeing and UK Royal Mail.

In February 2024, law enforcement agencies from Australia, Canada, France, Germany, Japan, the Netherlands, Spain, Sweden, Switzerland, Romania, the United Kingdom and the United States took down the infrastructure of LockBit by confiscating 34 servers. That was during the first phase of Operation Cronos, a task force led by the UK’s National Crime Agency (NCA).

The servers contained over 2,500 decryption keys. Cybersecurity experts used these keys to develop a LockBit 3.0 Black Ransomware decryptor, which has been made available for free on the No More Ransom portal. So far, more than 6 million victims around the world have used these decryptor keys to decrypt over 150 types of ransomware.

In the following months, several members of the LockBit ransomware operation were arrested, including two Russian nationals in July. This was the second phase of Operation Cronos.

Recently, the international coalition of law enforcement agencies, Europol and Eurojust entered the operation’s third phase. This resulted in four arrests and seizures of servers that were critical for LockBit’s digital infrastructure.

A suspected LockBit ransomware developer was arrested in France while he was on holiday. The British police handcuffed two suspects for supporting the activity of a LockBit affiliate. Spanish police officers seized nine servers and arrested an administrator of a bulletproof hosting server, which was used to shield LockBit’s infrastructure.

Australia, the United Kingdom and the United States implemented sanctions against an actor who the NCA believes is a prolific affiliate of LockBit and strongly linked to the ransomware operation Evil Corp.

Lastly, the United Kingdom sanctioned sixteen other Russian citizens for their involvement in Evil Corp’s criminal activities. On top of that, the United States sanctioned six citizens and Australia two.

“These actions follow the massive disruption of LockBit infrastructure in February 2024, as well as the large series of sanctions and operational actions that took place against LockBit administrators in May and subsequent months,” Europol said in a statement.

