💰💣

LockBit Security Incident

2024 630 days ago Resolved

Incident Overview

Situation Description

An international task force has seized a significant portion of the infrastructure belonging to the ransomware group LockBit, disrupting its criminal operations.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

nan

Geographic Scope

Global

Response Actions

Isolated Compromised Systems Restored Systems from Secure Backups Conducted Threat Hunting & Eradication Notified Law Enforcement Shared Threat Intelligence

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Intellectual Property Credentials Government Data Source Code Operational / System Data

Primary Impacts

Financial Loss Data Exposure Operational Disruption Reputational Damage

Key Decisions Made

Operation Cronos seized 34 servers in total, including four in the U.S.; Two LockBit affiliates have been arrested and charged by the Department of Justice.; Over 1,000 decryption keys have been seized and will be distributed to victims.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

LockBit

Additional Information

The rise and fall of LockBit ransomware Topics: Feb. 21, 2024 | Christine Barry Post Share Share Share Subscribe Post Share Share Share Subscribe An international task force has seized a significant chunk of the infrastructure belonging to the ransomware group LockBit. This is a major disruption to LockBits criminal enterprise, rendering it effectively redundant according to Graeme Biggar, director general of the National Crime Agency (NCA). The takedown of LockBit was announced by Europol and the U.S. Federal Bureau of Investigation (FBI) in separate press conferences. The FBIs Cyber Deputy Assistant Director Brett Leatherman said the operation disrupted LockBit's front- and back-end infrastructure in the U.S. and abroad and hindered LockBits ability to sting again. Officials are also reaching out to known LockBit victims to distribute decryption keys and other available assistance. If you are a victim of LockBit or other ransomware, you can find assistance by visiting the FBI website for LockBit victims or the international No More Ransom portal . Operation Cronos Operation Cronos is an international effort to target and disrupt LockBit ransomware. There are ten task force member agencies and another four agencies that were not members but assisted in the operation. These international agencies are detailed in the Europol and FBI announcements. The FBI began targeting LockBit in 2021 with a multi-phase campaign to eliminate this group. U.S. law enforcement and intelligence agencies targeted the LockBit operators, their finances, their communications, their malware, and the supporting infrastructure. Once this was accomplished, the next step was the seizure of this entire infrastructure and the criminal charges against the threat actors. The current known results of Operation Cronos are briefly summarized here : Operation Cronos seized 34 servers in total, including four in the U.S. Two LockBit affiliates have been arrested and charged by the Department of...

... (truncated for display)

Quick Facts

Company:: LockBit
Date:: 2024
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 21/02/2024

Source Information

Original Query

FBI takedown of ALPHV/BlackCat infrastructure impact on victim recovery

View Original Source

Timeline

Information Published

21/02/2024

Incident Occurred

2024 (630 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats