An international police operation has led to the seizure of several darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital attacks.
While the full scope of the effort, code name Operation Chronois currently unknown, visiting the .onion group’s website displays a seizure banner containing the message “The site is now under law enforcement control.”
Authorities from 11 countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the United Kingdom and the United States, together with Europol, participated in the joint exercise.
VX-Underground Malware Research Group, in a Message posted on of code remotely.
Even the police Left in a note on the affiliate panel, claiming to be in possession of “the source code, details of the victims you attacked, the amount of money extorted, the stolen data, the chats and much, much more”, adding that it was made possible due to LockBit’s “faulty infrastructure”.
LockBit, which emerged on September 3, 2019, was one of the most active and notorious ransomware gangs in history, claiming over 2,000 victims to date. It is estimated that he extorted at least $91 million from US organizations alone.
According to data shared by cybersecurity firm ReliaQuest, LockBit listed 275 victims on its data leak portal in the fourth quarter of 2023, dwarfing all its competitors.
There’s no word yet on any arrests or fines, but the development is a blow to LockBit’s near-term operations and comes two months after the BlackCat ransomware operation was dismantled by the US government.
The coordinated takedown also coincides with the arrest of a 31-year-old Ukrainian citizen for gaining unauthorized access to Google and the online banking accounts of American and Canadian users by distributing malware and selling access to other dark threat actors web for profit.