An orchestrated worldwide operation targeting one of the most notorious groups of ransomware operators, LockBit, has frozen more than 200 cryptocurrency accounts linked to its activities. The U.S. Department of Justice (DOJ), Europol and law enforcement agencies of various countries cooperated in Operation Cronos.
Europol reported that two of the criminals responsible for LockBit were arrested in Poland and Ukraine, and two more defendants believed to be connected to the case were arrested in the United States. The U.S. Department of the Treasury and the Office of Foreign Assets Control (OFAC), has blacklisted ten bitcoin and ether addresses linked to the group.
Arkham Intelligence discovered that some of the addresses on OFAC’s list Tuesday were linked to deposit accounts on Binance, KuCoin and Coinspaid. These actions make it illegal for entities in the United States to provide any financial services to individuals or listed crypto addresses.
LockBit, accused of stealing more than $120 million from victims worldwide, uses a “Ransomware-as-a-Service” (RaaS) model. This means they develop and distribute ransomware tools to affiliates, who then use them in attacks, often targeting municipal entities and private companies.
Authorities have seized LockBit’s website and other websites, hampering its operations and communication channels. Europol also reports that decryption keys are being distributed to victims, allowing them to regain access to locked files without a ransom.
It was announced that police have recovered more than 1,000 decryption keys that were intended for victims of LockBit attacks. To help victims recover their encrypted data, authorities are trying to contact them.
“Thanks to our close cooperation, we hacked the hackers; we took control of their infrastructure, source code and obtained keys that will help victims decrypt their systems,” said Graeme Biggar, director general of the NCA.