Mar 24, 2024NewsroomRansomware / Threat Intelligence

German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services.

The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107) in cryptocurrency assets.

The operation, conducted in collaboration with law enforcement agencies from Germany, Lithuania, and the U.S., took place on March 20, 2024, following an extensive investigation that commenced in October 2022.

Founded in 2021, Nemesis Market is estimated to have had more than 150,000 user accounts and 1,100 seller accounts from all over the world prior to its shutdown. Almost 20$ of the seller accounts were from Germany.

“The range of goods available on the marketplace included narcotics, fraudulently obtained data and goods, as well as a selection of cybercrime services such as ransomware, phishing, or DDoS attacks,” the BKA said.

The agency said further investigations against criminal sellers and users of the platform are presently ongoing. That said, no arrests have been made.

The development comes a month after another coordinated law enforcement operation took down the LockBit ransomware group, taking control of the outfit’s servers and arresting three affiliates from Poland and Ukraine. The disruption prompted the gang to relaunch its cyber extortion operation.

In recent months, German authorities have also taken down Kingdom Market and Crimemarket, both of which boasted of thousands of users and offered a wide array of money laundering and cybercrime services.

Feb 20, 2024NewsroomDark Web / Cybercrime

An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns.

While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group’s .onion website displays a seizure banner containing the message “The site is now under the control of law enforcement.”

Authorities from 11 countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the U.K., and the U.S., alongside Europol participated in the joint exercise.

Malware research group VX-Underground, in a message posted on X (formerly Twitter), said the websites were taken down by exploiting a critical security flaw impacting PHP (CVE-2023-3824, CVSS score: 9.8) that could result in remote code execution.

Law enforcement agencies also left on a note on the affiliate panel, stating they are in possession of the “source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more,” adding it was made possible due to LockBit’s “flawed infrastructure.”

LockBit, which emerged on September 3, 2019, has been one of the most active and notorious ransomware gangs in history, claiming more than 2,000 victims to date. It’s estimated to have extorted at least $91 million from U.S. organizations alone.

According to data shared by cybersecurity firm ReliaQuest, LockBit listed 275 victims on its data leak portal in the fourth quarter of 2023, dwarfing all its competitors.

There is no word as yet of any arrest or sanctions, but the development is a definite blow to LockBit’s near-term operations and arrives two months after the BlackCat ransomware operation was dismantled by the U.S. government.

The coordinated takedown also coincides with the arrest of a 31-year-old Ukrainian national for gaining unauthorized access to Google and online bank accounts of American and Canadian users by deploying malware and selling access to other threat actors on the dark web for financial gain.