Europol has announced a major crackdown on the notorious LockBit ransomware group, involving coordinated actions across 12 countries as part of Operation Cronos.
The international effort, which also included Eurojust, led to four key arrests and the seizure of critical servers used by LockBit. Authorities in France, the UK, Spain, and other countries targeted affiliates and infrastructure crucial to the ransomware group’s operations.
One of the arrests was of a suspected LockBit developer in France, while British authorities detained two individuals linked to a LockBit affiliate. Spanish police seized nine servers and arrested an administrator of a hosting service tied to the group.
Additionally, authorities in Australia, the UK, and the US imposed sanctions on individuals connected to LockBit and Evil Corp, a notorious cybercrime organization, further weakening the ransomware group’s global reach.
LockBit has been one of the most prolific ransomware operators since 2021, with attacks targeting critical sectors like healthcare, financial services, and energy. The ransomware group operates on a “ransomware-as-a-service” model, offering its software to affiliates who carry out attacks. These new enforcement actions mark the third phase of a long-running effort to dismantle the group.
In a positive turn for victims, Europol, along with global cybersecurity partners, has been instrumental in developing decryption tools available through the “No More Ransom” initiative, helping millions of victims recover encrypted files for free.
