Lockbit, the hacker group considered “the most harmful in the world”, was the target, on Monday February 19, of an operation coordinated in ten countries, by the National Gendarmerie, the FBI and Europol in particular. What is the real scope of this spectacular dragnet? And didn’t we declare victory too quickly?
:quality(50)/2023/11/09/benjamin-vincent-pic-654cbdc329600924182206.png)
Published
Update
Reading time: 3 min
:quality(50)/2024/02/23/lockbit-sized-65d8e3e96df0b048112897.jpeg)
When Europol’s deputy executive director of operations, Jean-Philippe Lecouffe, rejoices, on franceinfo, at having “decapitated” Lockbit, some cybersecurity specialists do not completely share this optimism.
Indeed, nothing separates a dragnet from a swipe of a sword in the water, in this often impenetrable universe, but it is also one of the reasons to believe in the reality of this dismantling: certain pirates sometimes feel so sheltered and out of reach that they neglect to protect their backs; they take neither the time nor the trouble to set up redundant servers or make backups. To plan everything that would allow them, in such a case, to restart their activity fairly quickly.
On paper – it’s true – this operation called ‘Cronos’ deals a very hard blow to this network of hackers, which emerged in 2019 and which gave its name to Lockbit 3, its ransomware, “ransomware” in French: one of these programs that penetrates a computer network through a breach and paralyzes it, while awaiting payment of a ransom. In five years, we are talking about at least 100 million euros extorted, and several billion dollars in damage caused.
Two motivations: money and ego
The main motivation of hackers: money, but not only. The other sensitive cord is the ego. Lockbit wasn’t just hit. The structure was also discredited, “ridiculed”, says number 2 of Europol: the authorities even took control of Lockbit’s own site, to display the faces of the hackers, the arrest warrants, the seized cryptocurrency accounts , and computer antidotes; a site intended for Lockbit customers, who used the software for their own misdeeds, in exchange for a commission paid to the organization, estimated at 20%.
And so, be careful of the desire for revenge, even vengeance – if that is even possible. If they were not already, the 10 countries behind Operation Cronos risk becoming priority targets in the event of Lockbit reappearing. The technical infrastructure is – of course – in the hands of the police but, a priori, the head of the organization which calls itself LockbitSupp, is still at large, as are several Russian nationals who probably risk nothing in Russia .
Five months until the Paris 2024 Olympics
France is not just any one of these ten countries. First, in 2022, it was the second most targeted country in Europe after Germany according to Anozr Way. Then, the starting point of the investigation which led to Monday’s raid was a computer attack carried out by Lockbit, in January 2022, against the website of the French Ministry of Justice. In five years, more than 200 companies and administrations in France have been targeted by Lockbit. We think of the hospitals of Corbeil-Essonnes and Versailles, the Poste Mobile, Thalès, Voyageurs du monde or Nuxe cosmetics.
We are also thinking about the Paris Games which start in 5 months. The timing could give Lockbit enough time to rise from the ashes before the opening of what will be the most watched event, worldwide, in 2024.