LOCKBIT

Closure of more than 14,000 rogue accounts

LockBit is also infamous for having experimented with new methods for pressuring their victims into paying ransoms. Triple extortion is one such method, which includes the traditional methods of encrypting the victim's data and threatening to leak it, but also incorporates Distributed Denial-of-Service (DDoS) attacks and intimidating phone calls as an additional layer of pressure. In the course of the operation, law enforcement agencies involved in Operation CRONOS managed to identify and refer for removal more than 14 000 accounts (Mega/Tutanota/Protonmail) responsible for exfiltration or infrastructure. This account closure was made possible by the New-Zealand police cyber unit, German State Bureau of Criminal Investigation Schleswig-Holstein and Zurich Cantonal Police of Switzerland. With each account representing a conduit for ill-gotten gains, this coordinated action strikes at the heart of cybercriminal operations, severely hampering their ability to profit from their nefarious activities.
Additional analysis from Europol’s European Cybercrime Centre also showed that some accounts were used to perform attacks using other ransomware variants.