French officials arrested one person, British law enforcement arrested two, while Spanish authorities apprehended another suspect and seized servers critical to the cybercrime group’s operations, according to a Europol press release.
The actions by authorities are part of Operation Cronos, a long-running collective effort by law enforcement agencies in multiple countries to "effectively disrupt at all levels the criminal operations" of the group.
Between 2021 and 2023, LockBit wreaked havoc as the most widely employed cybercriminal group offering ransomware as a service. The group provided malware access to affiliates in return for a portion of the ransom payments made by victims. Affiliates targeted various organizations with the malware, including hospitals, schools, and Royal Mail.
Simultaneously, the United States, United Kingdom, and Australia imposed sanctions on individuals linked to Evil Corp, a Russian cybercrime group with connections to the Kremlin. According to the British National Crime Agency (NCA), Evil Corp has ties to LockBit.
The U.K., U.S., and Australia have jointly sanctioned individuals connected to Evil Corp which, according to the NCA, was directed by Russian intelligence services to conduct attacks against NATO members.
Evil Corp is responsible for cyberattacks that have stolen over $300 million over the last decade. Their attacks include the development and distribution of Didrex, a malware that stole victims' bank login credentials across 40 countries.
The group also developed other malware strains, such as Phoenix Locker, which resulted in a US$40 million ransom payment — the largest ever recorded at the time.
David Lammy, the U.K.'s Foreign Secretary, condemned Russia for allowing such activities to thrive under Putin’s regime, calling it a “mafia state.” Australia's Foreign Minister Penny Wong emphasized the importance of comprehensive sanctions to safeguard national security against increasing cyber threats.
These sanctions target key figures connected to the crime group, including Maksim Yakubets, the group’s leader, and members of his family. In 2019, the U.S. State Department placed a US$5 million bounty on Yakubets' head, along with his associate Igor Turashev.
Another individual sanctioned is Aleksandr Ryzhenkov, an affiliate of the LockBit ransomware gang and other groups offering ransomware as a service.