Lockbit Extortion Operation Interrupted by Operation Cronos

Photo by Kevin Ku

The Lockbit extortion operation was taken down by an international law enforcement effort called “Operation Cronos”.  This action included the participation of the FBI, the National Crime Agency of the UK (NCA), and Europol, among other organizations.

Actions taken include the UK's National Crime Agency taking control of the ransomware’s site and the arrest of at least four individuals.  Two individuals were arrested in Poland and Ukraine and two others had been detained in the U.S.  Two other Russian nationals are still at large.

Operation a Major Blow to Lockbit

The strike included gaining control of the organization's central infrastructure and seizing source code.  The agencies also obtained encryption keys that will help victims decrypt and retrieve their data.  Europol reported that enforcement efforts had resulted in the takedown of over thirty servers in nine different countries.

History of Cybercriminal Group

Lockbit is a network of cybercriminals that has targeted thousands of organizations in a variety of sectors including manufacturing, government, energy, financial services, and health care.  To date, Lockbit has hacked into over 2,000 systems and raked in over $120 million in ransom from its victims.

Lockbit has been the most common form of ransomware in the last two years.  The group has run a sophisticated and highly organized Ransomware as a Service (RaaS) operation since 2020.  RaaS platforms offer ransomware products on a subscription or commission basis.

The organization is thought by many experts to have originated in Russia, though the group has claimed no national affiliation and has claimed to be engaged in its activities only for financial gain.  The group operates by recruiting hackers to use Lockbit’s various tactics, techniques, and procedures to compromise major organizations worldwide.

Many victims of the Lockbit extortion operation have been additionally extorted by threats to publish sensitive information.  The resulting ransom payments are usually made in cryptocurrencies, which makes tracing the payments difficult.

Ransomware a Growing Concern

Ransomware is the largest cyberattack threat to industrial organizations in North America.  The number of attacks has grown continuously over the last several years.  While the Lockbit ransomware group has been the leader in this area, a number of other actors such as 8Base, Akira, and Black Basta have been active players.

It is expected that this trend will continue to escalate as these groups utilize AI in increasingly targeted attacks in conjunction with social engineering and phishing techniques.  Targeted entities tend to be government agencies and large business concerns.  Experts expect that increased attacks will occur in the health, education, and energy sectors.

Enforcement Agencies Respond

The Department of Justice, in conjunction with other law enforcement agencies, has been engaged in the infiltration of cybercrime groups.  In the United States, the FBI has been particularly active in these efforts, with successes against the Hive network in 2023.  As with the actions taken against Lockbit, the FBI partnered with law enforcement agencies in other countries.  The Hive infiltration involved ransoms of $130 million and also resulted in the capture of decryption keys which were made available to victims to retrieve stolen data.

CVG Strategy Cybersecurity 

While the disruption of the Lockbit extortion operation is a promising development, the successes of ransomware attacks illustrate the vulnerabilities of organizational information.  Successful hacks of this sort are often the result of manipulating people into opening infected emails or visiting infected sites.

Businesses and government agencies must develop effective data protection strategies.  These strategies should include policies that incorporate risk assessment, training, and management review.  CVG Strategy consultants provide training to make your entire team aware of cyberattacks and how to employ processes to prevent these threats.  We can assist with reviews of policies, risk assessment approaches, and best practices to build management systems capable of handling complex cybersecurity requirements.

Our ISMS consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Our team of experts brings extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO 27001 certification, on time and on budget.

CVG Strategy is also committed to the goals of CMMC in keeping our defense manufacturing supply chain’s information secure.  As industry leaders in cybersecurity, ITAR, and risk-based management systems, we have experience with companies of all sizes and understand the importance of innovating flexible approaches to meeting the requirements of CMMC, establishing effective programs, and achieving certification.

Kevin Gholston
