2024-02-22
Law Enforcement Turns Tables on LockBit
The authorities who took control of the website that the LockBit ransomware group used to leak stolen data are now using the site to slowly leak details about the ransomware group’s operations. Disclosed information includes LockBit-related arrests in Ukraine and Poland, decryption keys, and recovery tools.
Editor's Note
If you have been affected by LockBit, reach out to your local FBI contact to see if they have decryption keys available for you. At the same time: LockBit, the malware, is still around and modified installers have been sighted.
Johannes Ullrich
It appears that authorities are giving the LockBit organizers the digital middle finger as well as disclosing the identities of the two organizers to draw them into the open. Aside from watching that theatre play out, continue to expect variations/new generations of their ransomware. The other takeaway is that law enforcement has keys for LockBit; subsequently, decryption and/or recovery tools are available for free.
Lee Neely
The other shoe has dropped. Broadcasting the complete take-over via seized infrastructure must sting. Well-played by international law enforcement authorities. The only remaining question: will the evildoers learn their lesson or simply look to build new infrastructure and continue with the ransomware game?
Curtis Dukes
Again, well done to all involved. The intelligence data gathered by law enforcement during this operation will have many who are either directly involved in LockBit, or who are affiliates, looking over their shoulders for many years to come. This operation will hopefully become the template for many future operations to disrupt and detain other cybercriminal gangs.
Brian Honan
Read more in
Ars Technica: After years of losing, it’s finally feds’ turn to troll ransomware group
The Register: Cops turn LockBit ransomware gang's countdown timers against them
Europol: Law enforcement disrupt world’s biggest ransomware operation
Krebs on Security: Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
The Record: LockBit takedown: Police shut more than 14,000 accounts on Mega, Tutanota and Protonmail
Bleeping Computer: LockBit ransomware secretly building next-gen encryptor before takedown
The Register: Ukrainian police arrest father and son in suspected LockBit affiliate double act
The Register: LockBit leaks expose nearly 200 affiliates and bespoke data-stealing malware