New series of measures issued against the administrator of LockBit

Today, authorities from the United Kingdom, United States and Australia are revealing the second phase of Operation Cronos – the sanctions.

The administrator and developer of LockBit, a Russian national, is now subject to a series of asset freezes and travel bans issued by the UK Foreign, Commonwealth and Development Office, alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs and Trade.
Prosecutors in the United States have also unsealed an indictment against him based on his alleged role as the creator, developer, and administrator of the LockBit ransomware variant. Additionally, authorities in the United States are offering a reward of up to USD 10 million for information leading to his arrest and/or conviction.

These measures follow a first phase of action in February 2024 which was led by the UK’s National Crime Agency and resulted in the compromise of LockBit’s primary platform and other critical infrastructure. The sanctions form part of a concerted campaign supported by Europol and Eurojust to severely damage the capability and credibility of the LockBit ransomware group.

The true impact of LockBit’s criminality was previously unknown, but data obtained from their systems showed that more than 7 000 attacks were built using their services between June 2022 and February 2024. The top five countries hit were the United States, United Kingdom, France, Germany and China.

Europol disseminates some 3 500 victim intelligence packages

Law enforcement is now in possession of over 2 500 decryption keys and are continuing to contact LockBit victims to offer support.

Europol has been exploiting the vast amount of data gathered during the investigation and the first phase of action to identify these victims, who are located all over the world. Its European Cybercrime Centre (EC3) has disseminated some 3 500 intelligence packages containing information about Lockbit victims to 33 countries.

With Europol’s support, the Japanese Police, the National Crime Agency and the Federal Bureau of Investigation have concentrated their technical expertise to develop decryption tools designed to recover files encrypted by the LockBit ransomware.

These solutions have been made available for free on the No More Ransom portal, available in 37 languages.

NCA-controlled leak site

After seizing control in February, the ransomware group’s leak site on the dark web was redesigned by law enforcement to instead host a series of articles exposing the different actions undertaken against LockBit.

The NCA-controlled leak site is once again being used to host a range of information exposing the criminal group.

It can be accessed via Tor using the below links:

• lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
• lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
• lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion

This investigation continues to identify affiliates – those who used LockBit services and carried out attacks – and ensure they face law enforcement action.

Taskforce Operation Cronos

The concerted campaign by the international Operation Cronos taskforce to target and disrupt LockBit ransomware is ongoing. The following authorities are part of this taskforce:

• France: National Gendarmerie (Gendarmerie Nationale – Unité nationale cyber C3N)
• Germany: State Bureau of Criminal Investigation Schleswig-Holstein (LKA Schleswig-Holstein), Federal Criminal Police Office (Bundeskriminalamt)
• The Netherlands: National Police (Team Cybercrime Zeeland-West-Brabant, Team Cybercrime Oost-Brabant, Team High Tech Crime), Public Prosecutor’s Office Zeeland-West-Brabant
• Sweden: Swedish Police Authority
• Australia: Australian Federal Police (AFP)
• Canada: Royal Canadian Mounted Police (RCMP)
• Japan: National Police Agency (警察庁)
• United Kingdom: National Crime Agency (NCA), South West Regional Organised Crime Unit (South West ROCU)
• United States: U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI) Newark
• Switzerland: Swiss Federal Office of Police (fedpol), Public Prosecutor's Office of the canton of Zurich, Zurich Cantonal Police