An international law enforcement operation on Monday seized servers and disrupted the infrastructure used by the LockBit ransomware syndicate, a government official confirmed to CyberScoop after websites used by the ransomware group displayed messages that they had been seized.

An operation carried out by the Federal Bureau of Investigation and the UK’s National Crime Agency together with a range of international partners took control of a site used by LockBit to leak data belonging to its victims, the group’s file share service and communications server, various affiliate and support servers and a server for LockBit’s administrative panel, the government official said.

A LockBit representative confirmed the operation in an online message posted on X by VX-Underground, an online malware repository. “FBI pwned me,” the representative said.

The takedown is the latest in a string of FBI operations targeted at disrupting cybercrime and cyberespionage infrastructure around the world under Rule 41, a legal framework that enables the FBI to access computers across multiple jurisdictions and modify them. Last week, the agency announced the takedown of a Russian military intelligence-controlled botnet. In January, the FBI disrupted a Chinese botnet used to penetrate sensitive U.S. targets.

LockBit first emerged in September 2019 and is believed to be the world’s most widely used ransomware variant.

The takedown operation against LockBit raises questions about how lasting it will be. Previous operations against such groups have seen their operations temporarily disrupted only for the groups to return using new infrastructure. In December, the FBI seized some of ALPHV’s infrastructure, but the group “unseized it,” and a version of the site remains active.

Updated Feb. 19, 2024: This article has been updated with an exchange between LockBit and VX-Underground.

The post FBI, British authorities seize infrastructure of LockBit ransomware group appeared first on CyberScoop.
