LockBit's Leak Site Reemerges, a Week After 'Complete Compromise'

Is LockBit dead? Law enforcement and the group itself seem to be telling conflicting stories.

Dark Reading, Staff & Contributors

February 27, 2024

1 Min Read
illustration of a hidden figure cracking open a door lock
AXEL JASS VIA ALAMY STOCK

The LockBit ransomware-as-a-service (RaaS) operation has re-launched its leak site, just one week after a coordinated takedown operation from global law enforcement.

On Feb. 19, the "Operation Cronos Taskforce" -- which includes the FBI, Europol, and the UK's National Crime Agency (NCA), among other agencies -- carried out a massive action. According to Britain's National Crime Agency (NCA), the taskforce took down infrastructure spread across three countries, including dozens of servers. It seized code and other valuable intelligence, troves of data stolen from its victims, and more than 1,000 associated decryption keys. It vandalized the group's leak site, and its affiliate portal, froze more than 200 cryptocurrency accounts, arrested a Polish and a Ukrainian national, and indicted two Russian nationals.

A spokesperson for the NCA summed it up on Feb. 26, telling Reuters that the group "remains completely compromised."

The person added, however, that "our work to target and disrupt them continues."

Read the Full Article on Dark Reading

About the Author

Dark Reading

Staff & Contributors

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights