Europol announced on Tuesday, February 20, that two suspects were arrested and several dozen servers seized as part of a major international police operation called “Chronos”, targeting LockBit and involving authorities from eleven countries, including France.

The cybercriminal group, which specializes in ransomware (viruses designed to paralyze computer networks and demand a ransom from victims), has positioned itself among the most active gangs in this field within a few years. Last summer, US authorities counted a total of 1,700 attacks on their soil since the group's emergence in 2019, for “revenues” of around 91 million dollars (about 84 million euros) in ransoms paid by targets located in the United States alone.

“Ransomware is estimated to account for a quarter of all attacks worldwide, with Europe predicted to hit”, emphasizes Jean-Philippe Lecouffe, Europol's Deputy Director of Operations, who describes a team that is “very attractive” for hackers because “all the tools are provided”. LockBit ramped up its attacks by conducting a vast recruitment campaign for affiliates, the name given in Russian-speaking forums to the infiltration experts who work in partnership with ransomware operators. In the last quarter of 2023, attacks carried out by LockBit and its partners represented 8% of the incidents handled by Coveware, a leading security company in this field.

A crumbling technological infrastructure

As part of the Europol-led Operation Chronos, authorities in Poland and Ukraine were remarkably successful in arresting two suspected LockBit collaborators following a request by the French justice system. The operation specifically struck at the heart of the group's technological infrastructure: at least 34 servers in eight countries, including France and the United States, were seized, and public platforms operated by LockBit now display the authorities' traditional information notice. This includes the site used by the cybercriminal group to display the names of its victims, a “wall of shame”.

In total, thousands of domain names have been seized by Europol, indicating that the group's internal infrastructure, including the platform used by affiliates to connect, is not being used by authorities. “We have control over all the infrastructure”, assures Jean-Philippe Lecouffe. Data decryption keys for potential victims will soon be published online on the No More Ransom website.

