LockBit, one of the world’s most infamous cybercrime gangs, has been disrupted by the UK’s National Crime Agency (NCA) and international law enforcement agencies including Europol and the FBI.

The gang is known for holding victims’ data to ransom and providing ransomware-as-a-service, whereby it licenses malware to other hackers.

LockBit has seen rapid growth since its emergence in 2019. According to Europol, in 2022, it was the most deployed ransomware in the world — causing billions of euros worth of damage globally.

“LockBit has long been a scourge to businesses, government agencies, and security professionals the world over,” said Andy Kays, CEO of cybersecurity startup Socura.

“It is arguably the most active ransomware group ever, whose attacks are both devastating and indiscriminate.”

Operation Cronos

The takedown followed a months-long investigation led by the NCA as part of an international task force called Operation Cronos. According to Europol, the group has now comprised LockBit’s primary platform and critical infrastructure,” which includes the takedown of 34 servers spanning Europe, the US, and Australia.

Europol added that two LockBit actors have been arrested in Poland and Ukraine, while over 200 crypto accounts linked to the group have been frozen.

Jake Moore, Global Cybersecurity Advisor at ESET, praised the task force’s collaborative approach.

“It’s extremely difficult to catch cybercriminals, especially those in huge operational groups, so disruption is a key police tactic,” he said.

“The takedown of LockBit’s website will be a massive blow to cybercriminals and although it won’t eradicate the problem, it will disrupt the criminal network potentially saving businesses millions of pounds in targeted activity.”