UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday.

The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website.

It says, “This site is now under the control of the National Crime Agency of the UK, working in close co-operation with the FBI and the international law enforcement task force, Operation Cronos.”

“This is an ongoing and developing operation,” the statement adds.

It suggests viewers check back at 11:30 GMT — which is 6:30 a.m. Tuesday Toronto time — for more news. There are no statements on the FBI or U.S. Justice Department websites.

Reuters quotes an unnamed NCA spokesperson as confirming the action.

The new NCA splash screen says participating countries in the action include Canada, France, Japan, Switzerland, Germany, Australia, Sweden, the Netherlands and Finland.

Reuters quotes vx-underground, a cybersecurity research website, as saying LockBit has posted messages in Russian, shared on Tox, an encrypted messaging app, stating that the FBI hit its servers that run on the programming language PHP. The statement, which Reuters could not verify independently, added that the gang says it has backup servers without PHP that “are not touched”.

“This is likely the most significant disruption of a ransomware operation to date,” Brett Callow, a Canadian-based ransomware threat analyst at Emsisoft, said to

“LockBit is one of the longest-running cybercrime operations and has demonstrated cockroach-like durability. This disruption sends a clear message that no group is bulletproof and its affiliates and other associates will be wondering whether law enforcement has captured information that points to them. There’s more risk than ever. Cybercriminals know they can no longer operate with the impunity they once had.

“Bottom line: this will not solve ransomware, but it’s nonetheless a very big win for the good guys.”

LockBit has been targeted for some time by law enforcement agencies. That led to the arrest in November, 2022 of a man in Bradford, Ont., for his alleged role in the gang. Mikhail Vasiliev pleaded guilty on February 8th to multiple counts involving cyber-extortion, mischief and weapons charges relating to acts in Canada, including ransomware attacks on Toronto’s Hospital for Sick Children and the Indigo book chain.

The U.S. wants to extradite him to face charges there.

Last June, cybersecurity agencies from seven countries including Canada and the U.S. released a joint background paper on the LockBit ransomware gang.

Measured by the number of victims claimed on the LockBit data leak site, the gang was the most active global ransomware group in 2022.

When that report was issued seven months ago, the U.S. estimated victim organizations in that country alone had paid the gang US$91 million in ransoms since LockBit activity was first seen in January, 2020. The U.S. also estimated that 16 per cent of reported ransomware attacks on government entities in that country — including schools and police forces — were identified as LockBit.

Canada estimated LockBit was responsible for 22 per cent of attributed ransomware incidents in 2022.

The post UK leads takedown of LockBit ransomware gang’s website first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
