The U.K. National Crime Agency (NCA) announced the successful conclusion of Operation Cronos after targeting and taking down the notorious LockBit ransomware operation. One of our researchers at iZOOlogic stated that the agency has confirmed its acquisition of LockBit’s source code and gathered intelligence on its operations and affiliates.
The UK-based agency revealed that data on LockBit’s systems included information from victims who had already paid ransoms. This detail shows the harsh reality that complying with ransom demands does not guarantee the safety of a company’s compromised data, contrary to cybercriminals’ assurances.
This significant development follows an extensive international effort to disrupt LockBit, characterised by the NCA as one of the most detrimental cybercrime groups globally.
Operation Cronos assures affected companies that they can acquire LockBit decryptors.
Operation Cronos has assumed control of LockBit’s infrastructure, penetrating its entire criminal network, including the administration environment utilised by affiliates and the dark web-hosted leak site accessible to the public.
In addition, the collaborative efforts of various law enforcement agencies worldwide have dismantled 34 servers linked to LockBit affiliates. However, the most important part of the successful campaign is the recovery of over 1,000 decryption keys from confiscated servers.
Since its inception in late 2019, LockBit has operated on a ransomware-as-a-service (RaaS) model, licensing encryptors to affiliates who initiate attacks for a share of the ransom proceeds. Employing a tactic known as double extortion, LockBit steals sensitive data before encrypting it, pressuring victims to pay ransom to prevent data leaks.
According to Eurojust and the U.S. Department of Justice, LockBit attacks have impacted over 2,500 victims worldwide, resulting in ill-gotten gains exceeding $120 million. Additionally, Operation Cronos has released a decryption tool via No More Ransom, enabling victims to recover encrypted files for free.
The NCA Director General expressed satisfaction with the outcome of their efforts, highlighting the disruption of LockBit’s operations and the retrieval of decryption keys crucial for victims. The director emphasised that Operation Cronos has significantly undermined LockBit’s capacity and credibility.
LockBit may still attempt to rebuild its criminal enterprise. However, doing so could be very challenging for its members, as law enforcement agencies already possess comprehensive knowledge of their activities, allowing them to thwart the group’s plans in the future.