Seizure of 30,000 Bitcoins during LockBit takedown

esteria.white

The complete takedown of LockBit by law enforcement has had far-reaching consequences. Since the disruption, authorities have uncovered additional intelligence about the LockBit ransomware group and its network of affiliates, including numerous Bitcoin addresses and financial assets.

After the arrest of Russian nationals Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord), authorities have discovered a trove of 30,000 Bitcoin addresses associated with LockBit ransomware and its affiliates.

This landmark decision not only inflicts a substantial financial setback on cybercriminals, but also sends a resounding message of deterrence to those hiding in the clandestine depths of the dark web.

The LockBit takedown campaign, known as Operation Cronos, marks a crucial step in ongoing efforts to dismantle cybercriminal networks. With 193 affiliates involved at the time of the seizure, the scale of LockBit’s operations is striking.

Notably, LockBit was also associated with other threat actors and groups, such as Evil Corp and FIN7, also known as Carbon Spider or Sangria Tempest.

The LockBit Takedown: The Operation Cronos Global Security Action Plan

Through Operation Cronos, information about the operation of LockBit and its affiliates was revealed, shedding light on the enormous profits accumulated over the years. A tweet from security researcher Dominic Alvieri offers some insight, pointing to the significant financial gains the LockBit ransomware group accumulated during its four years of activity.

Removing LockBit
Source: Dominic Alvieri on X

Additionally, LockBit’s affiliation with various threat actors highlights the complex web of cybercriminal activity. Evil Corp, FIN7 and others are among 11 bad actors associated with LockBit, underscoring the interconnected nature of dark web actors.

The National Crime Agency, in collaboration with Operation Cronos, conducted a crypto chain analysis on the LockBit ransomware group, revealing insight into how they operate. From LockBit’s systems, approximately 30,000 BTC addresses were obtained, of which more than 500 were actively transacting on the blockchain.

LockBit Operation Cronos takedown
Source: Dominic Alvieri on X

The collective value of these transactions exceeds £100 million based on the current BTC valuation, with over 2,200 BTC remaining unspent, for a total of over £90 million.

These funds consist of payments from both victims and LockBit affiliates, with a notable portion being the 20% fee paid to LockBit. As a result, actual ransom payments are significantly higher than initially estimated.

These funds include both victim payments and LockBit fees, with actual ransom payments probably far exceeding these figures.

LockBit members arrested, but the group disputes it

This news follows recent developments in the crackdown on LockBit’s cybercrime activities. Ukraine’s arrest of a father-son duo linked to LockBit highlights international cooperation in the fight against cyber threats. Likewise, the United States filed a complaint against two Russian nationals for the deployment of LockBit ransomware tools globally, highlighting the widespread impact of criminal activities associated with LockBit.

Despite these enforcement measures, the LockBit administration denies the legitimacy of the arrests, calling into question the credibility of law enforcement. By offering a substantial bounty for information about its members, LockBit challenges the investigative capabilities of authorities, signaling a stance of defiance in the face of increased surveillance.

In essence, the takedown of LockBit and its affiliates represents a long-awaited victory in the ongoing fight against cybercrime. However, as cybercriminals adapt and evolve, sustained collaboration and innovation will be crucial to staying ahead in the fight to safeguard digital ecosystems.

Fixing the fallout: Authorities offer decryptors to victims

Authorities are providing decryption tools to victims of LockBit 3.0 ransomware attacks. Upon accessing the designated site, users encounter a message indicating control by the UK, US and the Cronos Task Force, as well as law enforcement agencies like the National Crime Agency and Europol.

Operation Cronos
Source:

The site provides updates on investigations, including recent FBI indictments and U.S. sanctions against cyberthreat actors. Additionally, a recovery tool developed in Japan is highlighted for recovering encrypted files, expanding Europol’s #Nomoreransom initiative.

Notably, a redirect ban is enforced on LockBit 3.0, while authorities offer decryption and recovery assistance. The site focuses on reporting cyberattacks and provides information on Cyber Choices. Recent activities in Poland and Ukraine are also documented. Overall, as part of ongoing law enforcement and international cooperation efforts, victims are encouraged to use available tools and resources to combat the LockBit 3.0 ransomware threat.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.
