The LockBit ransomware gang’s payment website fell under the control of US FBI and UK’s NCA in a joint operation named ‘Operation Cronos,’ utilizing a PHP exploit to disrupt services. Visitors attempting to access the site through Onion browsers are now redirected to a page displaying logos of various law enforcement agencies, signaling the intervention.
LockBit issued a statement acknowledging the temporary halt of their operations, promising a return to normalcy within days. Recent targets of the group include Indian financial service group Motilal Oswal and pharmaceutical business Granules India, with demands for substantial ransom payments. UAE Telecom group ETISALAT also faced victimization, with a demand of $100k for data decryption.
Victimized companies are granted a nine-day extension to make payments, as LockBitSupp, the group behind LockBit, scrambles to rebuild their seized payment website.
Despite the swift recovery and operational control demonstrated by such criminal groups, their resilience is often linked to state-funded support and intelligence agencies. Consequently, they can swiftly rebuild their networks post-hiatus, posing challenges for law enforcement agencies like the FBI in dismantling these groups.
LockBit criminals have amassed over $120 million from victims over the past few years, despite efforts by law enforcement to seize payment and data leak sites associated with ransomware groups like Hive and BlackCat.
