About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.

All About LockBit's Ransomware Attack That was Used to Extort $1 Billion From Victims

Authorities, as part of Operation Cronos, reveal LockBit's estimated $1 billion in ransom fees, challenging previous assumptions. The investigation sheds light on the cybercriminal group's extensive wealth and impact.
Getty Images | Photo by Manuel Medir
Getty Images | Photo by Manuel Medir

The mass migration towards the digital realm during the pandemic and its aftermath also exposed a larger number of people to cybercrime even before they could gain the required awareness to protect themselves. What followed was a surge in cyber attacks where the perpetrators used innovative ploys to either siphon off or extort money from unsuspecting victims.

In a shocking revelation, authorities investigating LockBit's finances estimate that the notorious ransomware group may have generated over $1 billion in ransom during its four-year reign of cyber terror. The findings of Operation Cronos, shed light on the unprecedented scale of LockBit's illicit wealth, surpassing previous estimates.

The Bitcoin trading graph in a window of a cryptocurrency exchange office | Getty Images | Photo by Chris McGrat
The Bitcoin trading graph in a window of a cryptocurrency exchange office (representative image)| Getty Images | Photo by Chris McGrat

As much as $114 million remained unspent, consisting mainly of payments from affiliates who received compensation from victims. The analysis based on data spanning an 18-month period from July 2022 to February 2024, revealed that LockBit typically claims around 20 percent of the total ransom fee, with the remaining 80 percent going to the affiliate responsible for executing the attack.

LockBit's four-and-a-half-year operation, which authorities successfully shut down recently, suggests that the total amount extorted could be in the realm of multi-billions of dollars. External data, including the average ransom demand of $1.5 million and the number of victims exceeding 2,000, reinforces the possibility that LockBit extracted billions from victims globally.

The findings defy previous reports that, as of June 2023, indicated US LockBit victims had paid "more than $90 million" in ransoms since 2020, a figure now deemed significantly underestimated.

Bundle of cash (representative image) | Getty Images | Photo by Joe Raedle
Bundle of cash (representative image) | Getty Images | Photo by Joe Raedle

LockBit's website, currently under the control of the UK's National Crime Agency (NCA), acknowledges the global impact of the cybercriminal enterprise. The South West Regional Organised Crime Unit, supported by Chainalysis, has played a pivotal role in tracking and monitoring cryptocurrency addresses linked to LockBit, revealing the extensive reach of the cybercriminal network.

Operation Cronos, a collaborative international effort led by the UK's National Crime Agency (NCA) and the US FBI, has successfully disrupted the operations of LockBit and has strategically exposed the inner workings of the prolific ransomware gang over a week-long series of leaks, labeled as the world's "most harmful cyber group." This task force achieved a significant breakthrough in the fight against cybercrime, exposing LockBit's technical infrastructure and seizing control of its public-facing leak site on the dark web. On February 20, authorities took control of LockBit's leak site, transforming it into an exposé hub that details the group's operations and has also obtained more than 1,000 decryption keys, which can help victims recover their data.

LockBit's leader had previously offered a $1 million reward for revealing their identity, a reward that the US escalated to $15 million this week, underscoring the severity of the group's criminal activities.

As the leak site is set to shut down permanently on Sunday, February 25, Operation Cronos marks a significant victory for the cybersecurity community. The expose on LockBit sends a strong message to cyber criminals, about what collective global efforts to combat ransomware and dismantle criminal enterprises can achieve.