Lockbit Infrastructure Disrupted by Global Law Enforcers

A British law enforcement agency is leading an ongoing operation to disrupt prolific ransomware collective Lockbit.

The National Crime Agency (NCA) teamed up with the FBI, Europol and others on “Operation Cronos,” according to a message displayed on Lockbit’s leak site.

According to screenshots posted on X (formerly Twitter), the group’s affiliate panel has also been seized by law enforcement, as well as internal data including chat messages, source code and details on victims and extortion payments.

“You can thank Lockbitsupp and their flawed infrastructure for this situation … we may be in touch with you very soon,” reads a message posted by law enforcement to the affiliate panel. Lockbitsupp is the handle of the person believed to be the ringleader of the ransomware group.

In a brief statement, an NCA spokesperson confirmed that the agency had led a coordinated takedown of the group’s current infrastructure and added that the situation was “ongoing and developing.”

Security researchers vx-underground claimed that at least 22 Tor sites associated with Lockbit had been seized and/or taken down by law enforcement.


vx-underground cited the group’s administrator as claiming that law enforcement had managed to compromise its infrastructure by exploiting CVE-2023-3824. This is a critical PHP vulnerability which could lead to a stack buffer overflow and potentially memory corruption or remote code execution.

Lockbit has dominated the ransomware threat landscape over the past two years, demanding tens of millions of dollars in ransoms from big-name targets including the Royal Mail, chip giant TSMC and the state of California.

A recent report claimed it had listed 275 victims on its leak site during Q4 2023 alone.

However, as William Wright, CEO of Closed Door Security, argued, Operation Cronos is unlikely to lead to any arrests – as most ransomware actors are sheltered in states out of the reach of Western law enforcers.

“The one caveat to this takedown is that it may not spell absolute demise of Lockbit. The attackers could resurface under new branding as we have seen with DarkSide to BlackMatter to BlackCat, and many others,” he added.

“Enterprises must therefore continue to protect their networks against ransomware. While law enforcement is making good progress, the battle is not over yet.”

More news will be available from the NCA at 11.30 GMT.

