LockBit ransomware operations seized by law enforcement in ‘Operation Cronos’

Meanwhile, key operations of the ransomware gang are seized including access to LockBit’s affiliate panel, a central control panel for LockBit’s affiliate groups to create and modify various LockBit ransomware-as-a-service (RaaS) samples, manage attacks and victims, run attack analytics and publish blog posts.

“Law Enforcement has taken control of Lockbit’s platform and obtained all the information held on there,” said a block alert for login attempts made on the panel. “This information relates to the Lockbit group and you, their affiliate. We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more.”

LockBit faces takedown after a popular run

LockBit ransomware-as-a-service (RaaS) gained prominence quickly since its launch in 2019, making it the leading ransomware used in 2022, second only to the Russia-backed Conti ransomware group. The first quarter of 2022 noted 15% ransomware attacks by LockBit, while Conti contributed 16%, according to a report by ransomware incident response firm Coveware.

LockBit’s quicker evolution and claims of an edge over the competition, combined with Conti’s disintegration of smaller groups, led to it becoming even more formidable. With the launch of lockBit 3.0 in the second half of 2022, the group filled in the void from Conti’s disappearance and became the most used ransomware by the end of the third quarter of 2022.

The group sells access to the ransomware malware and associated infrastructure to affiliate (third-party) cybercriminals or groups, charging them a commission of 25% on the money received as ransom from attacks. Like most RaaS gangs, LockBit also employs double extortion tactics, allowing its affiliates to exfiltrate data out of victim organizations on top of encryption, for additional leak threats.