Highlights:

  • LockBit’s leak site, which the group runs and uses to threaten victims with publication of their stolen data, is currently offline and has been replaced with the featured image.
  • Until the recent takedown of its leak site, LockBit consistently ranked among the most prolific ransomware groups and was identified as the most active threat actor globally in January 2023.

A global law enforcement initiative has effectively thwarted the notorious LockBit ransomware gang by dismantling its dark web leak site.

LockBit’s leak site, which the group runs and uses to threaten victims with publication of their stolen data, is currently offline and has been replaced with the featured image. The site now indicates it is under the control of law enforcement, featuring a display of various country flags and police force logos representing the nations involved in the operation.

However, details regarding the operation remain undisclosed. The U.K. National Crime Authority and other participating entities in the operation are scheduled to issue a joint media release soon. The NCA has indeed confirmed the takedown. A representative informed Bleeping Computer that “we can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation.”

Bleeping Computer reports that while LockBit’s leak site is offline, some of the gang’s other dark web sites remain operational, including those used to host data and transmit private messages.

With comprehensive details about the operation still lacking, the takedown appears to be another minor setback for a prolific ransomware group, and likely not its first encounter with disruption. In 2024, the group is identified as LockBit 3.0, with the “3.0” denoting its third iteration following previous takedowns.

While law enforcement is compelled to pursue gangs like LockBit, the effort resembles a real-life game of Whac-A-Mole, where for every takedown, more groups inevitably emerge. Unless the undisclosed aspect of the takedown involves the arrest of every member of the gang, LockBit is likely to resurface shortly.

The LockBit ransomware gang made its debut in 2020, operating under a ransomware-as-a-service model, in which affiliates use pre-developed ransomware to carry out attacks. Until the recent takedown of its leak site, LockBit consistently ranked among the most prolific ransomware groups and was identified as the most active threat actor globally in January 2023.

LockBit’s previous victims include Managed Care of North America Inc., in May 2023. In June 2022, a suspected affiliate of the gang was apprehended in Arizona, accused of participating in numerous LockBit ransomware attacks targeting victims across the United States, Asia, Europe, and Africa. In January, one of LockBit’s most recent victims was Foxsemicon Integrated Technology Inc., a subsidiary of Hon Hai Precision Industry Co. Ltd., commonly known as Foxconn.