"Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation"

The LockBit ransomware operation has recently been severely disrupted by an international law enforcement operation that involved the seizure of servers and several individuals getting arrested or charged.  LockBit domains currently display a seizure notice informing visitors that the site is controlled by law enforcement, specifically the UK’s National Crime Agency (NCA).  The notice indicates that the takedown is the result of an international operation involving the FBI and law enforcement agencies in Canada, Australia, France, Germany, Switzerland, Sweden, Finland, the Netherlands, and Japan, as well as Europol.  Europol noted that the operation resulted in two arrests, more than 200 cryptocurrency accounts being frozen, the takedown of 34 servers, and the closure of 14,000 rogue accounts.  In addition, the law enforcement agency said that “technical infrastructure that allows all elements of the LockBit service to operate” and leak websites have been taken over.  The two arrested individuals are located in Poland and Ukraine.  In addition, authorities in France and the United States have issued three international arrest warrants and five indictments.  The NCA noted that it has obtained 1,000 decryption keys that will enable organizations to recover encrypted data.

SecurityWeek reports: "Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation"