International police operation takes down world’s most harmful ransomware criminals

More than 200 cryptocurrency accounts allegedly owned by the ransomware group have been frozen by law enforcement, stripping the group of significant profits.

The world’s most prolific ransomware group has been disrupted as a result of an international investigation involving law enforcement agencies from 10 countries, including the AFP.

The ransomware group was allegedly responsible for running LockBit, which has caused billions of dollars’ worth of harm across the globe, including millions to Australian individuals and businesses, since it was first identified in 2019.

The Europol-led investigation, known as Operation Cronos, has disrupted LockBit’s critical infrastructure. This included its primary platform and 34 servers across Australia, Netherlands, Germany, Finland, France, Switzerland, the United States and the United Kingdom.

- Advertisement -

France’s National Gendarmerie arrested two alleged LockBit actors in Poland and Ukraine, and a further three arrest warrants and five indictments have been issued by French and US law enforcement.

Assistant Commissioner Scott Lee said the international investigation was a significant breakthrough in the global fight against cybercrime.

“Cybercrime is not restricted by borders and tackling this crime type requires a united, global response from law enforcement. The AFP continues to work closely with our international law enforcement partners, as demonstrated through the recent disruption of the BlackCat ransomware group.”

Assistant Commissioner Lee added:

“This latest takedown is yet another example of the powerful outcomes that can be achieved through a united law enforcement front. This investigation has not only taken down the world’s most prolific ransomware group, but also damaged the group’s reputation and credibility beyond repair. We have obtained a vast amount of data from investigations so far and will continue to follow all leads and bring those responsible to justice.”

More than 200 cryptocurrency accounts allegedly owned by the ransomware group have been frozen by law enforcement, stripping the group of significant profits.

Authorities have obtained a significant amount of data since the investigation started, after the UK National Crime Agency took over LockBit’s technical infrastructure. Further arrests across the globe are expected.

LockBit was known to criminals as a ‘ransomware-as-a-service’ product, meaning criminals with little to no technological skills could purchase and use a ready-made ransomware program to attack their victims.

- Advertisement -

Ransomware is a type of malicious software that once installed onto a device or networks, encrypts the data and files, making them unusable. Cybercriminals use ransomware to extort payments from victims in exchange for the recovery of, and ability to regain access to the encrypted data.

Australia continues to experience persistent and pervasive cybercrime threats that target critical infrastructure, governments, industry and the Australian community.

The emergence of ‘ransomware-as-a-service’ has allowed criminals with relatively low technical capability to deploy sophisticated attacks.

In response to this growing threat, the AFP and the Australian Signals Directorate (ASD) established Operation Aquila in November 2022 to investigate, target and disrupt cybercriminal syndicates, with a priority on ransomware threat groups.

Under Operation Aquila, the AFP and ASD investigate the highest priority cyber criminals targeting Australia, including the LockBit and BlackCat ransomware groups.

AFP’s contribution to the operation includes criminal investigations, target development and disruption, and engagement with key international partners. In the 2022-23 financial year, this included analysing 204 ransomware incidents, undertaking 18 proactive preventative engagements and distributing 10 intelligence products.

Support Our Journalism

Global Indian Diaspora needs fair, non-hyphenated, and questioning journalism, packed with on-ground reporting. The Australia Today – with exceptional reporters, columnists, and editors – is doing just that. Sustaining this needs support from wonderful readers like you.

Whether you live in Australia, the United Kingdom, Canada, the United States of America, or India you can take a paid subscription by clicking Patreon. Buy an annual ‘The Australia Today Membership’ to support independent journalism and get special benefits.