Last month, the network of the notorious ransomware gang, LockBit, was seized by law enforcement. This gang was not only responsible for around 25% of attacks in the past year, according to the UK’s National Crime Agency (NCA), it was also the pioneer for the ransomware-as-a-service (RaaS) model which made ransomware more accessible to criminals who don’t have the skills to develop their own. In the past, this group has been involved in attacks on organisations including Boeing, the UK’s Royal Mail, Subway (the sandwich chain) and a children’s hospital, and in total have received more than USD 120m in ransom payments.

What happened to LockBit?

In February, a coordinated international effort between the NCA, the FBI, Europol and several international police agencies was apparently able to take advantage of a flaw in LockBit’s systems. This resulted in them not only taking control of the gang’s website, and seizing its dark-web leak site, but also the primary administration environment which is the main infrastructure which enabled them to operate. In addition to this, the data that law enforcement retrieved led to the arrest of four people involved in the criminal organisation, and the identification of two more who are still at large. They also froze 200 of the group’s cryptocurrency wallets and more than 14,400 rogue email accounts.

Is this the end of LockBit?

This takedown was considered one of the largest actions taken against a cybercrime group, and whilst law enforcement believe that LockBit is effectively redundant, the group is already signalling its return. Less than a week after the seizure, the group’s leader, LockBitSupp, announced the group was again operational on the dark web. They acknowledged that the takedown was a result of mistakes they had made and that the group was going to focus future attacks on government infrastructures, specifically the FBI. 

So, whilst the international law enforcement effort was deemed a victory against one of the most prolific criminal cyber gangs in the world, it remains to be seen whether they have disappeared forever. Even without LockBit, there are still plenty of other malicious actors participating in ransomware attacks, so it’s more important than ever to stay vigilant and protect your company against attack.