Notorious ransomware gang LockBit's website has been taken over by law enforcement authorities, who claim they have disrupted the group's operations and will soon reveal the extent of an operation against the group.
The page also carries logos for Europol, and law enforcement agencies from Australia, Germany, Poland, Japan, France, and Switzerland.
National flags of those nations, plus those of Canada, Sweden, and Finland, are also present.
Web pages are, of course, not a ransomware gang's main tool - this one could be window-dressing.
Europol has reportedly taken credit for shutting down LockBit, so perhaps Operation Cronos really has disrupted the gang's operations.
If that's the case, this action will be welcome.
LockBit is prolific and vicious: we've reported it attacking a children's hospital, Infosys, sandwich chain Subway, and many other attacks.
US authorities have detected at least 1,700 LockBit attacks in that nation alone as of mid-2023, and suggest the group was responsible for almost a quarter of all ransomware attacks in some countries.
LockBit was one of the pioneers of ransomware-as-a-service.
It offered its wares to affiliates, who got the job of negotiating with victims and then sending the gang part of the loot.
That business model's efficiency waned in late 2023, leading LockBit to change its rules to ensure minions secured bigger ransoms and sent more to their masters.
Few will mourn LockBit's passing - it is believed to have taken tens of millions of dollars in ransom payments, and then threatened to reveal victims' data unless they send further funds.
There are geopolitical implications as well, given LockBit is thought to be directed from Moscow and therefore perhaps part of a wider campaign to disrupt Russia's enemies.
This Cyber News was published on go.theregister.com. Publication date: Tue, 20 Feb 2024 01:43:04 +0000