Law enforcement agencies have arrested four individuals suspected of involvement with the LockBit ransomware group. The suspects include a developer, a bulletproof hosting service administrator, and two others allegedly connected to the group’s operations.
This coordinated operation also resulted in the seizing of LockBit infrastructure servers. It involved police officers from Operation Cronos, a task unit supervised by the United Kingdom. The National Crime Agency (NCA) is driving a global LockBit crackdown and investigation, which began a couple of years ago.
According to Europol, a suspected LockBit ransomware developer was apprehended in August 2024 at the request of French authorities while on vacation outside of Russia. The same month, the UK’s National Crime Agency (NCA) detained two more people who speculated about LockBit’s activity. One of them was believed to be involved with a LockBit affiliate.
In addition, the second person was arrested simultaneously on accusations of money laundering. In a separate move, Spain’s Guardia Civil detained the admin of a bulletproof hosting provider used to protect LockBit’s infrastructure at Madrid Airport.
The collaboration of three countries has resulted in the sanctioning of a LockBit ransomware associate.
Earlier this week, Australia, the UK, and the US announced sanctions on an individual the UK NCA says is a notorious LockBit ransomware associate linked to Evil Corp. Additionally, the UK sanctioned 15 additional Russian people implicated in Evil Corp’s criminal actions. In contrast, the United States sanctioned six, and Australia targeted two.
Europol highlighted that these actions follow the huge interruption of LockBit infrastructure last February and the extensive sanctions and operational actions imposed on LockBit administrators in May and succeeding months.
The LockBit group emerged in September 2019 and has since claimed responsibility for various major attacks on companies and organisations worldwide. Some of the group’s most well-known attacks are against Bank of America, Boeing, Continental Automobile Company, the UK Royal Mail, and the Italian Internal Revenue Service.
The US Department of Justice and the UK NCA believe that the gang has successfully extorted nearly a billion dollars from at least 7,000 attacks between 2022 and 2024.