Great success of the services. The Lockbit group has been broken up. Arrests in Poland

Great success of the services. The Lockbit group has been broken up. Arrests in Poland

The FBI and services from countries such as Great Britain, Germany, Australia, France and Poland defeated one of the most dangerous ransomware groups in history. Lockbit’s IT infrastructure was infiltrated and members of the organization were detained, among others. in Poland.

Lockbit is one of the most dangerous and active cybercriminal groups that specializes in ransomware attacks. This is malware that allows you to penetrate the attacked network and encrypt the owner’s data. The only way to recover this data is to pay a “ransom”, i.e. transfer the requested amount to the criminal’s account.


The Lockbit Group is responsible, among others, for: for attacks on organizations such as Accenture and Thales, the French post office, the port of Lisbon, the children’s hospital in Toronto, the tire manufacturer Continental, the Chinese daily China Daily and TSMC, one of the largest semiconductor producers in the world. It is estimated that at the beginning of 2023, Lockbit could be responsible for up to 44%. all ransomware attacks.

Cybercriminals operating within groups However, they have just received a blow from which it will be difficult for them to recover. After an investigation lasting many months, the British National Crime Agency (NCA), the US Federal Bureau of Investigation (FBI) and Europol announced the disbandment of the organization.

As part of the large-scale Operation Cronos, which was conducted with Europol and services from countries such as Australia, Germany, Japan and France, Lockbit’s infrastructure was infiltrated. As a result, access was gained to the system used to coordinate attacks, the source code of the ransomware, decryption keys (which will be available to victims of attacks), and even records of conversations with victims.

Breakup of the Lockbit group photo: FBI

Lockbit finally broken. Arrests in Poland and Ukraine

At the same time, the services closed 34 Lockbit servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the USA and the UK. According to Europol, people suspected of operating within a criminal organization were also detained. The arrests took place in Poland (in cooperation with the Polish Central Office for Combating Cybercrime) and in Ukraine.

Authorities have frozen more than 200 cryptocurrency accounts linked to the criminal organization, underscoring its commitment to disrupting economic incentives that drive ransomware attacks

– Europol also reported that software decryption keys

Is this the final end of Lockbit? Unfortunately, history shows that such groups can be reborn like a phoenix from the ashes. It is worth remembering that we are talking about organizations whose members are scattered all over the world. There is no doubt that Lockbit will return, but this does not diminish the services involved in dismantling it.

– Cybercriminals are very difficult to catch, especially those forming large operational groups, so disrupting their activities is a key tactic, explains Jake Moore, cybersecurity advisor at ESET.

The removal of the LockBit website will be a huge blow to cybercriminals and while it will not eliminate the problem, it will disrupt the criminal network, potentially saving companies millions of pounds in targeted action

– adds the expert.

Source: Gazeta