LockBit, the infamous cybercriminal group, has returned to action after a brief disruption caused by Operation Cronos.
Here are the key details:
- Operation Cronos: On February 20, 2024, The National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) and other law enforcement agencies seized operations of LockBit. The task force took down 34 servers in multiple countries, seized more than 200 cryptocurrency wallets, arrested of two alleged LockBit members in Poland and Ukraine and retrieved decryption keys for LockBit 3.0 from the seized LockBit infrastructure. However, they were not able to identify or arrest the other members of cybercriminal group running the LockBit operation, known as LockBitSupp.
- LockBit’s Return: On February 24, 2024, just four days later, LockBitSupp released a statement and restored the LockBit infrastructure. The threat actor speculated that the LockBit servers were infiltrated by law enforcement via vulnerable PHP servers. They confirmed that law enforcement was able to obtain 1000 decryption keys out of 20000 stored on the seized server about half of the approximately 40,000 generated by LockBit operation.
Despite the disruption, LockBit has resumed its operations and continues to pose a significant threat. The group has even threatened to target the government sector.
This highlights the ongoing challenges in combating cybercrime and underscores the importance of robust cybersecurity countermeasures.