As reported yesterday, law enforcement seized control of LockBit’s leak site and infrastructure. Attempts to view their leak site today show that the seizure notice has been replaced with a page that links to different information on LockBit’ seizure and law enforcement activities:
Europol also released more information about the operations:
The months-long operation has resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal enterprise. This includes the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom.
In addition, two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities. Three international arrest warrants and five indictments have also been issued by the French and U.S. judicial authorities.
Authorities have frozen more than 200 cryptocurrency accounts linked to the criminal organisation, underscoring the commitment to disrupt the economic incentives driving ransomware attacks.
The UK’s National Crime Agency has now taken control of the technical infrastructure that allows all elements of the LockBit service to operate, as well as their leak site on the dark web, on which they previously hosted the data stolen from victims in ransomware attacks.
If you were/are the victim of LockBit, a free decryptor is available on No More Ransom.
Read more about the takedown of LockBit on Europol.