This morning, we woke to a major announcement that Britain, the US, and the EU have disrupted the Lockbit cybercriminal gang. We have all come to know the Lockbit group as one of the most sophisticated cybercriminal ransomware gangs in the world, responsible for major ransomware breaches and data exfiltration events.
The effort to take down Lockbit was led by Britain’s National Crime Agency, the FBI and Europol, plus a plethora of international police agencies, according to a recent post on the gang’s Lockbit website.
"This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’," the post said.
What is Ransomware?
Ransomware is malicious software that encrypts data. The Lockbit organization is funded by the ransom payments it extorts from businesses after encrypting their data, holding it for ransom, and often threatening and coercing the company to pay. Lockbit will threaten the organization with the release of sensitive and proprietary company data to the public. Only after the ransom is paid will the cybercriminals provide a digital key to unlock the data.
Lockbit Stats
Lockbit is the most prolific and far-reaching ransomware cybercriminal group in the world, far outpacing even its closest competitors. Just look at the graphic below to see how far ahead Lockbit is in terms of victims, beating out its nearest peer by 250%!
In November last year, Lockbit published data from Boeing, one of the world's largest defense and space contractors. In early 2023, Britain’s Royal Mail was severely disrupted after an attack by the group.
Number of LockBit ransomware attacks in the U.S. since 2020:
- About 1,700 attacks according to the FBI.
Total of U.S. ransoms paid to LockBit:
- Approximately $91M since LockBit activity was first observed in the U.S. on January 5, 2020.
Is the Lockbit organization toast?
The question on everyone’s minds this morning is “Is the Lockbit organization toast? Will the Lockbit encryption keys be released?” Reuters reported that a representative for Lockbit did not respond to messages seeking comment but did post messages on an encrypted messaging app saying it had backup servers not affected by the law enforcement action. One must assume that these backup servers will be brought back online rather quickly and that, without arrests being made, the cybercriminal group will be back up and running in no time at all. The only real question is whether they will rebrand or maintain the Lockbit name.