An international law enforcement operation has disrupted the infamous LockBit ransomware gang by successfully taking down its leak site on the dark web.

LockBit’s leaks site, a site operated by LockBit where it threatens to expose and then publish stolen data from victims, is offline and has been replaced by the featured image. It states that the site is now under the control of law enforcement and includes various country flags and police force logos from the countries that participated in the operation.

Details about the operation, however, are unknown. The U.K. National Crime Authority and others involved in the operation are set to publish a joint media release tomorrow. The NCA has confirmed the takedown, though. A spokesperson told Bleeping Computer that “we can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation.”

While LockBit’s main leak site is down, Bleeping Computer notes, some of the other gang’s dark web sites, including ones used to host data and send private messages, are still up.

Without knowing everything that operation entailed, it’s likely that it’s just another minor disruption for a prolific ransomware group, and it’s not the first time. The group, in 2024, goes by the name of LockBit 3.0 – the 3.0 indicating that it’s the third incarnation of the group after it had been targeted by takedowns in the past.

Although law enforcement has no choice but to go after gangs like LockBit, it’s a real-life game of Whac-A-Mole, and for every takedown, more groups emerge. In this case, unless the unknown part of the takedown is that law enforcement agencies have arrested every gang member, LockBit will be back in no time.

The LockBit ransomware gang emerged in 2020 and operates on a ransomware-as-a-service model, where affiliates use already-developed ransomware to execute attacks. In its time, LockBit has regularly been one of the most prolific ransomware groups and was named as the most active threat actor on the planet in January 2023.

Previous LockBit victims include Managed Care of North America Inc. in May 2023. A suspected gang affiliate was also arrested in Arizona in June 2022 and accused of being involved in multiple LockBit ransomware attacks against victims in the U.S., Asia, Europe and Africa. One of its most recent victims was Foxsemicon Integrated Technology Inc., a subsidiary of Hon Hai Precision Industry Co. Ltd., better known as Foxconn, in January.

Image: LockBit