The most recent in a long line of digital takedowns was the seizure of several darknet domains run by LockBit, one of the most active ransomware organizations.
Visitors to the group’s .onion website now see a seizure banner with the message “The site is now under the control of law enforcement,” although the full scope of the effort, codenamed Operation Cronos, is currently unknown.
The joint exercise was attended by authorities from 11 nations, including Europol, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, and the United Kingdom.
In a message posted on X (previously Twitter), malware research group VX-Underground claimed that the websites had been taken down by exploiting a critical PHP security flaw (CVE-2023-3824, CVSS score: 9.8) that could lead to remote code execution.
Additionally, law enforcement organizations left a note on the affiliate panel stating that LockBit’s “flawed infrastructure” allowed them to obtain the “source code,” “details of the victims you have attacked, the amount of money extorted, data stolen, chats, and much, much more.”
One of the busiest and most well-known ransomware gangs in history, LockBit was founded on September 3, 2019, and it has so far claimed more than 2,000 victims. At least $91 million is thought to have been extorted from American businesses alone.
According to the cybersecurity company ReliaQuest, LockBit listed 275 victims on its data leak portal in the fourth quarter of 2023, dwarfing all of its rivals.
The development, which comes two months after the U.S. government dismantled the BlackCat ransomware operation, is a definite blow to LockBit’s near-term operations even though there is no word of any arrests or sanctions as of yet.
The coordinated takedown coincided with the detention of a 31-year-old Ukrainian national in connection with the use of malware to access Google and online bank accounts of American and Canadian users and the sale of access to other threat actors on the dark web.