Operation Cronos: The Takedown of LockBit Ransomware Group

Share :

On February 20, 2024, the National Crime Agency (NCA) of Britain and the Federal Bureau of Investigation (FBI) announced the successful disruption of the Lockbit ransomware gang, marking a significant milestone in the fight against cybercrime. This operation, known as Operation Cronos, was a collaborative effort involving law enforcement agencies from the UK, the US, and several other countries, with support from private sector partners.

The campaign against Lockbit involved the seizure of the group’s infrastructure (including their leak site), 34 servers, the closure of 14,000 rogue accounts, and the freezing of 200 cryptocurrency accounts, and 5 indictments against members of the group. Additionally, law enforcement agencies managed to arrest two individuals associated with Lockbit in Poland and Ukraine, further crippling the group’s operations.

By seizing Lockbit’s decryption keys, law enforcement agencies have enabled the development of new decryption tools to assist victims in recovering their encrypted files.

Recommendations

Access Free Decryption Tools

Victims of LockBit ransomware may access the free decryption tools made available by the cooperation with law enforcement. Instructions for recovery will vary depending on the country of origin.

If your organization requires assistance decrypting a past LockBit incident or responding to an active ransomware attack, please fill out the this web form to initiate a case with Arctic Wolf Incident Response.

Country Supporting Organization Instruction
US FBI Reach out to the FBI to obtain keys through the following website: https://lockbitvictims.ic3.gov/
UK NCA Reach out to the NCA to obtain keys through this email: lockbit@nca.gov.uk
All other countries Europol, Polite (NL) Follow the instructions for Lockbit 3.0 decryption on the following site: https://www.nomoreransom.org/en/decryption-tools.html#Lockbit30

References

See other important security bulletins from Arctic Wolf.

Stefan Hostetler

Stefan Hostetler

Stefan is a Senior Threat Intelligence Researcher at Arctic Wolf. With over a decade of industry experience under his belt, he focuses on extracting actionable insight from novel threats to help organizations protect themselves effectively.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter