Over 200 Crypto Accounts Linked to Ransomware Operator LockBit Frozen

A coordinated international operation has targeted one of the leading ransomware operator group LockBit, freezing over 200 cryptocurrency accounts linked to their activities.

The action, dubbed Operation Cronos, involved collaboration between the U.S. Department of Justice (DOJ), Europol, and law enforcement agencies from multiple countries.

Europol said that two LockBit actors had been arrested in Poland and Ukraine, and that a further two defendants, thought to be affiliates, had been arrested and charged in the US.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) blacklisted 10 bitcoin and ether addresses associated with the group.

Data from Arkham Intelligence revealed that some OFAC-listed addresses on Tuesday were linked to deposit accounts on KuCoin, Coinspaid, and Binance.

These actions effectively block U.S. entities from providing any financial services to the individuals or the listed crypto addresses.

LockBit, accused of stealing over $120 million from victims worldwide, employs a “Ransomware-as-a-Service” (RaaS) model. This means they develop and distribute ransomware tools to affiliates who then deploy them in attacks, often targeting municipal entities and private companies.

Decryption Keys Being Distributed to LockBit’s Victims

As reported earlier, authorities seized LockBit’s website and various pages, hindering their operations and communication channels. Additionally, Europol reports that decryption keys are being distributed to victims, offering them a chance to regain access to their locked files without paying ransoms.

As per the announcement, the law enforcement agencies recovered more than 1,000 decryption keys earmarked for victims of LockBit’s attacks. The authorities will be contacting those victims to aid them in the recovery of encrypted data.

The NCA’s director general, Graeme Biggar, said, “Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.”