International law enforcement agencies have disrupted the operations of a dark web website linked to the notorious cybercrime gang Lockbit, which is known for holding its victims’ data for ransom.
On Monday, the agencies seized the website where LockBit had publicly listed its victims in order to threaten them with potential data leaks if they failed to pay the ransom.
“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a notice on the website reads.
International law enforcement agencies from Australia, Japan, Canada, and across Europe also assisted in the operation, according to the notice.
“We can confirm that LockBit’s services have been disrupted as a result of International Law Enforcement action, this is an ongoing and developing operation,” the notice stated.
Officials in the United States have described LockBit as the world’s top ransomware threat. The group has hit more than 1,700 organizations across nearly every industry. Affected sectors include financial services, food, schools, transportation, and government departments.
The cybercrime gang makes money by stealing sensitive data and threatening to leak it if victims fail to pay an extortionate ransom. Its affiliates are like-minded criminal groups that LockBit recruits to wage attacks using its digital extortion tools.
The FBI office in Atlanta confirmed to media outlets that it was aware of the breach and had been in contact with the county’s information technology department but declined to discuss specifics.
County spokesperson Jessica Corbitt told news outlets on Jan. 30 that there was no estimate for when the outage would be repaired. Most county offices remained open, though certain transactions were limited, according to the county’s website.
LockBit was discovered in 2020 when its eponymous malicious software was found on Russian-language cybercrime forums, leading some security analysts to believe the gang is based in Russia.
The gang has not professed support for any government and no government has formally attributed it to a nation-state. On its now-defunct dark web website, the group said it was “located in the Netherlands, completely apolitical and only interested in money.”
In November last year, LockBit published internal data from Boeing, one of the world’s largest defense and space contractors. In early 2023, Britain’s Royal Mail faced severe disruption after an attack by the group.