Skip to content

LockBit suffers financial sanctions and four arrests as part of Operation Cronos

  • by
  • 3 min read

2024 gets increasingly worse for the LockBit ransomware gang. Europol has made four arrests in an operation involving 12 countries, seized nine servers, and imposed sanctions against an actor the British National Crime Agency (NCA) identified as a “prolific affiliate” of LockBit.

A suspected LockBit developer was arrested in August at the request of the French Gendarmerie after reports of the suspect holidaying in a region that had an extradition agreement with France. In the same month, British authorities also nabbed two individuals — one for suspected ties to a LockBit affiliate and one for suspected money laundering.

Finally, the Spanish Guardia Civil also arrested a suspect at Madrid airport for owning a bulletproof hosting service that allowed bad actors to abuse the internet. The identity of all four arrested individuals hasn’t been revealed yet.

This is an image of lockbit website europol
The now-defunct LockBit website is under the control of authorities. | Source: Europol

The sanctions, imposed by Australia, the UK, and the US, come against an affiliate of LockBit that was also strongly linked to Evil Corp, following LockBit’s claims that the two don’t work together. Twenty-three other Russian individuals were also sanctioned: 15 by the UK for their involvement in Evil Corp’s criminal activities, six by the US, and two by Australia.

These arrests have come on the back of the success of a previous operation in February 2024, which helped authorities gain access to a treasure trove of data from the ransomware gange and took over its website. The site is being updated as Operation Cronos continues to make progress. As reported by The Register, law enforcement is also enjoying its rare win over cybercriminals by posting spirited messages on the now-defunct site. It currently reads

“Once again, we thank Dmitry Khoroshev a.k.a LockBitSupp for allowing us to compromise his platform and discover all this juicy data (it’s keeping our teams busy!)”

Another worrying discovery from the February LockBit data leak was that the ransomware gang wasn’t deleting any of the victims’ data even after receiving a ransom. Analysis revealed that when LockBit affiliates thought they were deleting data, they sent a request back to LockBit headquarters, which then decided whether the data was deleted. Authorities report that the ransomware gang never deleted any data from 2022 onward.

In the News: Nintendo’s legal pressure shuts down Ryujinx switch emulator

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of dark web hacker security

Russian pro basketball player arrested on ransomware charges

This is an image of tik tok 39239

Ireland launches fresh investigation into TikTok over data transfer to Chinese servers

Illustration: jmiks | shutterstock

British NCA arrest four for hacking M&S, Co-op, and Harrods

A mcdonald's sign on a pole.

McDonald’s AI bot leaks job applicants’ data

This is an image of dprk north korea flag

US sanctions North Korean hacker for running fraud IT worker scheme

This is an image of ransomware 32988sd

M&S confirms April cyberattack was ransomware

>