Agencies claim big win in anti-cybercrime fight

A notorious cybercrime organization that extorts victims' data has been disrupted by a collaboration of international law enforcement agencies.

According to a statement posted on Lockbit's extortion website on Monday, the operation was carried out by the United Kingdom's National Crime Agency, the United States' Federal Bureau of Investigation, Europol, and a coalition of international police agencies.

"This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," the post said.

Spokespersons for the National Crime Agency and the US' Department of Justice verified that the gang had been disrupted and that the operation was "ongoing and developing", reported Reuters news agency. Law enforcement agencies from Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, and Switzerland collaborated in the international police operation.

Authorities in the US, where Lockbit has targeted more than 1,700 organizations across a wide range of industries, have labeled the group as the foremost ransomware threat globally. Organizations targeted have been from sectors including financial services, food, schools, transportation, and government departments.

Lockbit stands out as a formidable player among the many ransomware operators in the fiercely competitive underground market, reported Sky News, and the group and its associates have infiltrated some of the world's largest organizations in recent months.

Lockbit's revenue model relies on it pilfering sensitive data and coercing companies to pay a ransom under the threat of the information being exposed.

Lockbit first surfaced in 2020 when its malicious software appeared on Russian-language cybercrime forums, prompting some security analysts to speculate that the gang originates in Russia. Despite this association, Lockbit has not openly aligned with any government, and no governments have officially linked it to any specific country.

Jon DiMaggio, chief security strategist at Analyst1, a US-based cybersecurity company, told Reuters Lockbit is "the Walmart of ransomware groups, they run it like a business — that's what makes them different. They are arguably the biggest ransomware crew today".

Lockbit leaked internal data from Boeing, a major defense and space contractor, in November, and caused significant disruption to the UK's Royal Mail in early 2023.

Don Smith, vice-president of Secureworks, a division of Dell Technologies, told Reuters Lockbit is the most prolific and dominant ransomware operator in the market.

"Lockbit had a 25 percent share of the ransomware market. Their nearest rival was Blackcat at around 8.5 percent, and after that it really starts to fragment," Smith said.