On Monday afternoon, LockBit3.0’s dark web blog was replaced by a 404 message and then a seizure notice.
The notice reads:
The Site is Now Under Control of Law Enforcement
This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos.’
We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation.
Return here for more information at 11:30 GMT on Tuesday 20th Feb.
Shortly thereafter VX-Underground posted an exchange they had with the LockBitSupp Tox account. In that brief exchange, someone, presumably LockBitSupp, confirmed the seizure and said the FBI pwned him.
VX-Underground also posted a screencap of what an affiliate will now see if they attempt to log in to LockBit’s platform. They are greeted with a message telling the individual that law enforcement has taken control of the platform and all the information it held. The message reads, in part:
“We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much, more. You can thank Lockbitsupp and their flawed infrastructure for this situation…. we may be in touch with you very soon.”
More information is scheduled to be released Tuesday morning, but as of publication, law enforcement hasn’t mentioned whether anyone was arrested. LockBit was one of the longest-running and most financially successful of the ransomware groups.