UPDATED 19:36 EDT / FEBRUARY 19 2024

SECURITY

International law enforcement operation takes down LockBit leak site

An international law enforcement operation has disrupted the infamous LockBit ransomware gang by successfully taking down its leak site on the dark web.

LockBit’s leak site, which the gang uses to threaten to expose and then publish data stolen from victims, is offline and has been replaced by the featured image. The image states that the site is now under the control of law enforcement and includes various country flags and police force logos from the countries that participated in the operation.

Details about the operation, however, are unknown. The U.K. National Crime Authority and others involved in the operation are set to publish a joint media release tomorrow. The NCA has confirmed the takedown, though. A spokesperson told Bleeping Computer that “we can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation.”

While LockBit’s main leak site is down, Bleeping Computer notes, some of the gang’s other dark web sites, including ones used to host data and send private messages, are still up.

Without knowing everything that the operation entailed, it’s likely that this is just another minor disruption for a prolific ransomware group, and it’s not the first time. In 2024, the group goes by the name LockBit 3.0, the 3.0 indicating that it’s the third incarnation of the group after it had been targeted by takedowns in the past.

Although law enforcement has no choice but to go after gangs like LockBit, it’s a real-life game of Whac-A-Mole, and for every takedown, more groups emerge. In this case, unless the unknown part of the takedown is that law enforcement agencies have arrested every gang member, LockBit will be back in no time.

The LockBit ransomware gang emerged in 2020 and operates on a ransomware-as-a-service model, where affiliates use already-developed ransomware to execute attacks. In its time, LockBit has regularly been one of the most prolific ransomware groups and was named as the most active threat actor on the planet in January 2023.

Previous LockBit victims include Managed Care of North America Inc. in May 2023. A suspected gang affiliate was also arrested in Arizona in June 2022 and accused of being involved in multiple LockBit ransomware attacks against victims in the U.S., Asia, Europe and Africa. One of its most recent victims was Foxsemicon Integrated Technology Inc., a subsidiary of Hon Hai Precision Industry Co. Ltd., better known as Foxconn, in January.

Image: LockBit
