A dark-web site belonging to the world’s most infamous ransomware gang has been seized by the Federal Bureau of Investigation (FBI) and its international allies. The multinational ransomware gang known as LockBit had been in headlines for years for routinely extorting money from individuals, multinational companies as well as governments. 

While the full extent of the cyber effort codenamed ‘Operation Cronos’ by intelligence partners is unknown at this stage, a message on the group’s .onion website displays a seizure banner. 

“We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation,” read the message posted on Monday (Feb 19). 

“The site is under the control of the National Crime Agency (NCA) of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the message added along with the seals of the FBI, NCA and a host of other law enforcement agencies from Australia to Germany.

A CNN report stated that the agencies will publicly diclose more details of the operation on Tuesday (Feb 20). 

According to malware research group VX-Underground, the notorious hacker group was compromised and its website taken down by exploiting a critical security flaw impacting PHP (CVE-2023-3824, CVSS score: 9.8) that could result in remote code execution.

LockBit first made waves on the international scene in 2019 and since then it has been the most active and notorious ransomware gangs, claiming more than 2,000 victims.

The British authorities warned last year that LockBit’s eponymous software remained the “most deployed ransomware variant” across the world in 2022 and that it “continues to be prolific so far in 2023”.

LockBit was behind the major cyberattack on UK’s Royal Mail in early 2023 which forced the mail carrier to plead customers to stop sending any international mail. 

Additionally, LockBit claimed responsibility for ransomware attacks on the Industrial and Commercial Bank of China and Fulton County, Georgia, in recent months.

LockBit’s website being hacked by the authorities comes in the backdrop of BalckCat ransomware group being dismantled by the US government a couple of months ago.  

(With inputs from agencies)