LockBit disrupted by international law enforcement task force
2024-02-20 11:00

On Monday afternoon, LockBit's leak site was taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. "This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'," the notice says.

"We can confirm that Lockbit's services have been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation."

"Law Enforcement has taken control of Lockbit's platform and obtained all the information held on there. This information relates to the Lockbit group and you, their affiliate. We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more. You can thank Lockbitsupp and their flawed infrastructure for this situation. We may be in touch with you very soon."

"LockBit not only carried out attacks by its operators, but it also ran a ransomware-as-a-service infrastructure which could be rented out by its affiliates to launch attacks. It could be said that LockBit was largely responsible for the growth of the ransomware industry today. Its affiliates saw big financial returns from the attacks, which undoubtedly made ransomware the attack-of-choice for many criminals and drew others to the industry," he added.

"According to LockBit admins, the law enforcement agencies exploited the PHP CVE-2023-3824 vulnerability to compromise LockBit's public-facing servers and gain access to LockBit source code, internal chat, victims' details, and stolen data," he told Help Net Security.

"Although the LockBit group claims to have untouched backup servers, it is unclear whether they will be back online. Currently, LockBit associates are not able to log in to LockBit services. In a Tox message, adversaries told their associates that they would publish a new leak site after the rebuild."


News URL

https://www.helpnetsecurity.com/2024/02/20/lockbit-law-enforcement-action/

Related Vulnerability

DATE: 2023-08-11
CVE: CVE-2023-3824
VULNERABILITY TITLE: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Description: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Attack vector: network
Attack complexity: low
Vendors: php, fedoraproject, debian
CWE: CWE-119
RISK: critical (9.8)