Operation Cronos: FBI, UK's NCA take down notorious Lockbit cybercrime gang

In a significant development in the ongoing battle against cybercrime, the notorious Lockbit ransomware gang has been targeted in a coordinated international law enforcement operation. The operation, led by Britain’s National Crime Agency (NCA), the US Federal Bureau of Investigation (FBI), Europol, and a coalition of international police agencies, marks a rare collaborative effort to disrupt a prominent cyber threat.

According to statements posted on Lockbit’s extortion website, the NCA has assumed control of the site, working in tandem with the FBI and the international law enforcement task force known as ‘Operation Cronos’. Both NCA and US Department of Justice representatives have confirmed the disruption, highlighting that the operation is ongoing.

Lockbit, recognized as one of the world’s top ransomware threats, has targeted over 1,700 organizations in the United States alone, spanning various sectors including financial services, education, transportation, and government departments. The gang’s modus operandi involves stealing sensitive data and demanding hefty ransoms under the threat of data leaks.

More from Tech

Perplexity offers $34.5bn for Google’s Chrome in bid to challenge search dominance Musk threatens Apple with lawsuit over alleged App Store bias toward OpenAI

While Lockbit affiliates have launched attacks against major organizations worldwide, the gang’s exact origins remain elusive. Initially surfacing in 2020 on Russian-language cybercrime forums, Lockbit’s affiliation with any specific nation-state remains unconfirmed. The group has maintained a mercenary stance, professing a singular focus on financial gain.

Jon DiMaggio, Chief Security Strategist at Analyst1, likened Lockbit to the “Walmart of ransomware groups,” emphasizing its business-like approach to cybercrime and its dominance in the ransomware landscape.

The recent takedown comes after Lockbit’s brazen activities, including the publication of internal data from Boeing and a disruptive attack on Britain’s Royal Mail. Following the law enforcement action, screenshots shared by cybersecurity research website vx-underground on social media revealed the replacement of Lockbit’s control panel with a message from authorities, indicating the acquisition of sensitive information and a potential crackdown on affiliates.

Impact Shorts

View All

Best phones under Rs 30,000 (Aug 2025): Realme GT 6, Motorola Edge 60 Pro to OnePlus Nord 4 5G

Best phones under Rs 25,000 (Aug 2025): Poco F6 5G, Realme P3 Ultra 5G to iQOO Z10 5G

Lockbit’s website, previously showcasing a catalogue of victim organizations and countdown timers to ransom deadlines, now features a countdown initiated by law enforcement agencies. Industry experts, such as Don Smith from Secureworks, underline the significance of this operation, highlighting Lockbit’s dominant position in the ransomware market and the impact of the disruption on the cybercriminal landscape.

As the investigation progresses, stakeholders await further updates on the outcome of this operation, underscoring the global effort to combat cyber threats and protect organizations from ransomware attacks.