LockBit Ransomware: The End Of A Cybercrime Giant

A vast international offensive has dealt a serious blow to the activities of the LockBit ransomware, one of the most prolific in the world. In the operation dubbed “Cronos”, over 200 crypto accounts linked to the cybercriminal group’s illicit activities have been frozen.

Several countries joined forces to catch the LockBit ransomware

The LockBit ransomware group, accused of extorting more than $120 million from thousands of victims, has just suffered a major setback. A vast international cybersecurity operation, dubbed “Operation Cronos”, has dealt this cybercriminal group a severe blow.

This cyber-offensive, involving Europol and the law enforcement agencies of several European countries, led to the freezing of over 200 crypto accounts linked to the illicit activities of LockBit. LockBit operated on a “Ransomware-as-a-Service” (RaaS) model: the group provided hacking tools to its affiliates, who then carried out ransomware attacks against designated targets.

Under this system, LockBit supplied the malware to its cybercriminal associates, who carried out the attacks in the field, encrypting victims’ data and demanding a ransom.

The operation conducted by these countries also led to key arrests and to the seizure of the infrastructure that enabled LockBit to operate.

Distribution of decryption keys to victims after the criminal group is cut off

Operation Cronos first attacked the group’s sources of funding by freezing the accounts used to launder extorted ransoms. The US Treasury Department has also blacklisted 10 of LockBit’s Bitcoin and Ethereum addresses, rendering them unusable. According to Arkham Intelligence, some of these blacklisted addresses were linked to crypto deposit accounts at KuCoin, Coinspaid and Binance.

At the same time, coordinated raids in Poland and Ukraine led to the arrest of two key members of the group. Two other suspects were also apprehended in the United States.

Beyond neutralizing LockBit, the operation also provides assistance to victims. Authorities seized over 1,000 decryption keys to restore access to the systems taken hostage.

Law enforcement agencies also got their hands on the ransomware’s infrastructure, including its website and communication channels, a way of complicating its activities and undermining its business model based on blackmail and extortion.

This vast operation also demonstrates how authorities and players in the crypto sector are joining forces against cybercrime. In addition to actions led by government agencies, the blacklisting of addresses by the US Treasury Department has directly involved exchange platforms such as KuCoin, Coinspaid and Binance. By freezing identified accounts and henceforth refusing any service to these users, these crypto companies have helped put a stop to the financing of LockBit’s illicit activities.