What is LockBit? The notorious ransomware syndicate’s domain snatched by FBI and allies

The Federal Bureau of Investigation (FBI) and its international allies have seized a dark web site linked to the world’s most notorious ransomware group. The worldwide ransomware gang known as LockBit had been making headlines for years for frequently extorting money from people, big corporations, and governments.

While the full scope of the intelligence partners’ cyber operation, codenamed ‘Operation Cronos’, is unknown at this time, the group’s .onion website now displays a seizure banner.

“We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation,” read the message posted on Monday (Feb 19).

“The site is under the control of the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the message added along with the seals of the FBI, NCA and a host of other law enforcement agencies from Australia to Germany.

According to CNN, the agencies will publicly provide further details about the operation on Tuesday (February 20).

According to malware research organization VX-Underground, the famed hacker gang was compromised and its website was taken down by exploiting a significant security issue in PHP (CVE-2023-3824, CVSS score: 9.8) that might lead to remote code execution.

LockBit’s emergence

LockBit first made headlines on the world stage in 2019, and it has since become one of the most active and notorious ransomware groups, with over 2,000 victims.

Last year, British officials warned that LockBit’s namesake software remained the “most deployed ransomware variant” worldwide in 2022 and that it “continues to be prolific so far in 2023”.

LockBit was behind big hack on UK

LockBit also claimed responsibility for ransomware attacks on the Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months.

LockBit’s website was hacked by authorities a few months after the US government dismantled the BlackCat ransomware organization.
