LockBit Ransomware Darknet Domains Seized in Global Law Enforcement Raid

LockBit Ransomware

An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups. This is the latest in a long list of digital deletions.

While the full extent of the effort, codenamed Operation Kronosis currently unknown, visiting the group’s .onion website displays a seizure banner with the message “The site is now under law enforcement control.”

Authorities from eleven countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the UK and the US, participated in the joint exercise alongside Europol.


Malware research group VX-Underground, in a message posted on X (formerly Twitter), said the websites were taken down by exploiting a critical security flaw that impacted PHP (CVE-2023-3824CVSS score: 9.8) that could lead to remote code execution.

Also law enforcement agencies left on a note on the affiliate panel, stating that they are in possession of the “source code, details of the victims you attacked, the amount of money extorted, the stolen data, chats and much, much more”, adding that it was made possible due to LockBit’s ‘poor infrastructure’.

Originating on September 3, 2019, LockBit is one of the most active and infamous ransomware gangs in history, claiming more than 2,000 victims to date. It is estimated that the organization has extorted at least $91 million in the US alone.

According to data shared by cybersecurity firm ReliaQuest, LockBit listed 275 victims on its data breach portal in the fourth quarter of 2023, dwarfing all competitors.


There’s no word yet on any arrests or sanctions, but the development is a clear blow to LockBit’s short-term business and comes two months after the BlackCat ransomware operation was dismantled by the US government.

The coordinated takedown also coincides with the arrest of one 31 year old Ukrainian citizen to gain unauthorized access to Google and online bank accounts of US and Canadian users by deploying malware and selling access to other threat actors on the dark web for financial gain.

#LockBit #Ransomware #Darknet #Domains #Seized #Global #Law #Enforcement #Raid

Notify of
Inline Feedbacks
View all comments
Previous Post
Iran and Hezbollah Hackers

Hackers from Iran and Hezbollah launch attacks to influence the narrative of Israel and Hamas

Next Post
Spyware Firms

Meta warns of 8 spyware companies targeting iOS, Android and Windows devices

Related Posts