All About LockBit's Ransomware Attack That was Used to Extort $1 Billion From Victims

The mass migration towards the digital realm during the pandemic and its aftermath also exposed a larger number of people to cybercrime even before they could gain the required awareness to protect themselves. What followed was a surge in cyber attacks where the perpetrators used innovative ploys to either siphon off or extort money from unsuspecting victims.

In a shocking revelation, authorities investigating LockBit's finances estimate that the notorious ransomware group may have generated over $1 billion in ransom during its four-year reign of cyber terror. The findings of Operation Cronos, shed light on the unprecedented scale of LockBit's illicit wealth, surpassing previous estimates.

Unveiling LockBit's billion-dollar empire

As much as $114 million remained unspent, consisting mainly of payments from affiliates who received compensation from victims. The analysis based on data spanning an 18-month period from July 2022 to February 2024, revealed that LockBit typically claims around 20 percent of the total ransom fee, with the remaining 80 percent going to the affiliate responsible for executing the attack.

The true extent of LockBit's operation

LockBit's four-and-a-half-year operation, which authorities successfully shut down recently, suggests that the total amount extorted could be in the realm of multi-billions of dollars. External data, including the average ransom demand of $1.5 million and the number of victims exceeding 2,000, reinforces the possibility that LockBit extracted billions from victims globally.

The findings defy previous reports that, as of June 2023, indicated US LockBit victims had paid "more than $90 million" in ransoms since 2020, a figure now deemed significantly underestimated.

LockBit's website, currently under the control of the UK's National Crime Agency (NCA), acknowledges the global impact of the cybercriminal enterprise. The South West Regional Organised Crime Unit, supported by Chainalysis, has played a pivotal role in tracking and monitoring cryptocurrency addresses linked to LockBit, revealing the extensive reach of the cybercriminal network.

Operation Cronos: Dismantling LockBit's legacy

Operation Cronos, a collaborative international effort led by the UK's National Crime Agency (NCA) and the US FBI, has successfully disrupted the operations of LockBit and has strategically exposed the inner workings of the prolific ransomware gang over a week-long series of leaks, labeled as the world's "most harmful cyber group." This task force achieved a significant breakthrough in the fight against cybercrime, exposing LockBit's technical infrastructure and seizing control of its public-facing leak site on the dark web. On February 20, authorities took control of LockBit's leak site, transforming it into an exposé hub that details the group's operations and has also obtained more than 1,000 decryption keys, which can help victims recover their data.

LockBit's leader had previously offered a $1 million reward for revealing their identity, a reward that the US escalated to $15 million this week, underscoring the severity of the group's criminal activities.

As the leak site is set to shut down permanently on Sunday, February 25, Operation Cronos marks a significant victory for the cybersecurity community. The expose on LockBit sends a strong message to cyber criminals, about what collective global efforts to combat ransomware and dismantle criminal enterprises can achieve.