Law Enforcement Disrupt LockBit: World’s Biggest Ransomware Operation

22 Feb 2024
Author: HSD Foundation

In a significant breakthrough in the fight against cybercrime, law enforcement agencies from 10 countries, among them the Netherlands, have disrupted the criminal operation of the LockBit ransomware group at every level, severely damaging its capability and credibility.


LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage. This international sweep follows a complex investigation led by the UK's National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.


The months-long operation has resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal enterprise. In addition, two LockBit actors have been arrested in Poland and Ukraine and three international arrest warrants and five indictments have been issued. Authorities have frozen more than 200 cryptocurrency accounts linked to the criminal organisation, underscoring the commitment to disrupt the economic incentives driving ransomware attacks.


The UK's National Crime Agency has now taken control of the technical infrastructure that allows all elements of the LockBit service to operate, as well as their leak site on the dark web, on which they previously hosted the data stolen from victims in ransomware attacks.



Operation Cronos is an international collaboration between public and private parties. The Dutch Police, Dutch Public Prosecutor’s Office and Prodaft (located at the HSD Campus in The Hague) were also involved.


Prodaft: "Since LockBit’s first entry into the cybercrime ecosystem, we have been assisting the National Crime Agency, FBI and other partners of Operation Cronos to better comprehend and disrupt this large criminal enterprise. Researching this ill-famous cybercrime syndicate has been challenging, but our investigations led us to identify over 28 affiliates and uncover all decryption keys for their ongoing campaigns. The research enabled us to gain in-depth visibility into each affiliate’s structures, including ties with other notorious groups such as FIN7, Wizard Spider, and EvilCorp. We diligently shared our findings with authorized law enforcement agencies to ensure meticulous deconfliction."



Report cybercrime to the police

This investigation shows that law enforcement has the capabilities to disrupt high-harm cybercriminals and reduce the ransomware threat. However, continued victim and private sector engagement is key to us continuing this work. The first step to putting cybercriminals behind bars is to report cybercrime when it happens. The earlier people report, the quicker law enforcement is able to assess new methodologies and limit the damage they can cause.


Reporting cybercrime can be as simple as clicking a button on a web browser. Europol has compiled a list of the reporting websites in EU Member States.


More information 

Click here for more information about the operation and countries involved (Europol)

Click here for the official press release of the Dutch Police.

Watch the item on RTL News 


Source & visual: Europol
