An international police operation has taken out one of the most notorious and effective cybercriminal collectives in the world.
Known by the name of Lockbit, the collective has carried out hundreds of hacker attacks over the years, also hitting Italy where it put the IT systems of the Lazio Region under attack in 2021, of Acea in 2023 and in the same year of Westpole, a company that provides cloud services to 1,300 public administration sites. Lockbit, in addition to being one of the most active criminal gangs in the world, was certainly the most active in Italy.
Details of Operation Cronos: hacker site Lockbit hacked
The operation was conducted by the British National Crime Agency (NCA), the American Federal Bureau of Investigation (FBI), Europol and a coalition of international police agencies. A message now appears on the Lockbit site: “This site is under the control of the UK’s National Crime Agency.” Then a warning to those who participated in the group’s cyber attacks, warning that their data may now no longer be covered and available to investigators.
Lockbit 3.0, cybercrime evolves faster than our companies by Pierluigi Paganini 05 July 2022
From what we understand, the technical infrastructure of the Lockbit group was violated with the operation. The investigators would have taken control of it and would have come into possession of the data exfiltrated so far by the criminal group to the detriment of companies and organizations. Useful data for investigators to put together defenses and strategies capable of hindering future attacks by other cyber criminals. Or the same members of Lockbit who, investigative sources explain to our newspaper, could find hospitality in other criminal groups.
It already happened. But, the same sources explain, this time the operation – in which no Italian police forces would have taken part – marks a new frontier in the fight against cybercrime. The British investigators – it is learned – also had the opportunity to leave a message to the hackers in which they wrote: “Learn to protect yourself better”.
IT security Hacker attack on Acea. The company victim of ransomware from a Russian-speaking group by Arcangelo Rociola 02 February 2023
The operation took the name “Operation Cronos”. A spokesperson for the NCA and the US Department of Justice confirmed the operation to Reuters, claiming that it had effectively defeated the gang of cyber criminals. But it is not yet concluded, moving towards a phase of development that could bring new elements to investigators.
Lockbit: 1,700 attacks in 3 years, Italy among the most affected countries
According to the US Department of Justice, Lockbit has currently carried out more than 1,700 attacks worldwide. A bit in all sectors. In public administrations, as in the case of Italy, but also in private companies, as was the case with Accenture in 2021. In Italy but also in France, Japan, Switzerland, Sweden, the Netherlands and Germany. All attacks carried out with ransomware, developed and perfected over the years, which bears the name of the criminal group itself: Lockbit 1.0, then 2.0, 3.0 in subsequent versions. Ransomware is a virus that infects computer systems. It locks them behind encrypted codes to allow the attacker to ask for a ransom (ransom in English) from the affected company in exchange for freeing them.
Rip Effect Rest in peace, but not too much: this is how ransomware gangs make fun of their victims by Arturo Di Corinto 27 August 2021
Lockbit carried out its first attack in 2020. Cyber security experts identified its first moves in forums of cyber criminals who communicated in Russian, suggesting that the group was also Russian, or at least Russian-speaking. There is no evidence of this. And the criminal group itself has repeatedly reiterated in its claims that it has no political aims or motives behind it. Other analysts believe that the group was born in the Netherlands. Hypotheses which have not yet been confirmed.
Analysts: “Probably the biggest ransomware gang in existence”
According to analyst Jon Di Maggio, head of security firm Analyst1, Lockbit is a bit like the “Walmart of ransomware groups”, capable of managing their criminal actions “like you run a business“, he told Reuters. “They are probably the biggest ransomware gang today.”
In November last year, Lockbit hacked and published internal data from Boeing, one of the world‘s largest aerospace companies. In early 2023, Britain’s Royal Mail was attacked by the group, forced like all others to stop its services.