Lockbit was the most dangerous ransomware group in the world. Its administrator has been arrested in Madrid

A Belarusian citizen has been detained at Madrid’s Barajas Airport. According to the General Directorate of the Civil Guard and Europol, it is the administrator of the Lockbit Group. One of the leaders of the most dangerous ransomware group in recent years, responsible for attacks on more than 2,500 companies in 120 countries.

An international operation. Police groups from around the world, including European groups, ranging from the FBI in the United States to the NCA in the United Kingdom, have participated in the arrests. A total of 12 police forces will try to destroy the most dangerous group of cyber attackers.

As reported by Interior, the Central Operational Unit of the Civil Guard (UCO), within the framework of its investigation against the Lockbit 3.0 ransomware, has been in charge of identifying the detainee.

Nine major Lockbit servers. As described by Europol, Spanish agents have seized nine key servers from Lockbit Group’s cloud infrastructure.

The captive service provider was the administrator of Bullet Proof Hosting, the service used by the group for Lockbit 3.0. After this operation, the group’s website has gone into the hands of the authorities.

He is not the only person arrested. The detainee in Barajas is considered one of the key members of the group, but he is not the only detainee. At the same time, searches have been conducted in 12 countries and one person in France, two people related to Lockbit in the United Kingdom and the administrator of the group in Spain have been arrested.

In February 2024, Europol announced that it had managed to destroy Lockbit in the so-called ‘Operation Chronos’. However, the group has continued to operate in a dispersed manner. These arrests are another major step towards dismantling the cyber criminal group.

Why is Lockbit so dangerous? Since 2019, ransomware created by this group has led to cyber attacks across the world. The significance of Lockbit is that it created what is known as RaaS (‘ransomware as a service’). That is, they promoted cybercrime by allowing people with low technical knowledge to carry out cyberattacks.

Dmitry Khoroshev is still being searched for and has been captured. Lockbit’s supplier has been arrested, but not the group’s leader. Russian Dmitry Khoroshev, nicknamed ‘Lockbitsupp’, is still free. There is a reward of up to 10 million dollars on him. He is considered the world’s most wanted cyber criminal.

In Xataka A coalition of 30 countries, including Spain, is preparing to defeat ransomware: they will not pay ransom