Law enforcement trolls LockBit, reveals massive takedown

In an act of exquisite trolling, the UK's National Crime Agency has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website.
Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world.
In the last 12 months it has racked up more than two and half times as many known attacks as its closest rival.
This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, 'Operation Cronos'.
The real treat was an updated version of the LockBit website that returned it to something resembling its former self.
Until yesterday, the secret dark web site was used to list details of the organizations being held to ransom by LockBit.
In a graphic illustration of just how comprehensively the LockBit group has been compromised, the green squares now detail published information about the takedown, while red squares tease further reveals for the coming days.
Today, after infiltrating the group's network, the NCA has taken control of LockBit's services, compromising their entire criminal enterprise.
As well as taking over the leak site, law enforcement agencies have taken over LockBit's administration environment, seized the infrastructure used by LockBit's data exfiltration tool, Stealbit, captured over 1,000 decryption keys, and frozen 200 cryptocurrency accounts.
Criminal affiliates who logged into the compromised environment were warned that the NCA knows all about their activities too, and the NCA reports that 28 servers belonging to LockBit affiliates have been taken down, too.
There are numerous reveals promised for the next few days, but the most tantalising is the imminent uncloaking of LockBit's leader and spokesperson, LockBitSupp.
In other words, it mimicked perfectly the way that ransomware gangs troll the world and each other.
The NCA signaled that it knows all about LockBit and the broader community of criminals it belongs to.
It knows that LockBit's affiliates and rivals will be watching, and looking over their shoulder.
Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Use EDR or MDR to detect unusual activity before an attack occurs.
Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Keep backups offsite and offline, beyond the reach of attackers.
Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
You can learn more about the threat of big game ransomware like LockBit and ALPHV in our 2024 State of Malware report.


This Cyber News was published on www.malwarebytes.com. Publication date: Tue, 20 Feb 2024 19:43:05 +0000


Cyber News related to Law enforcement trolls LockBit, reveals massive takedown

U.S. Joins U.K. to Seize LockBit Site, Disrupt Massive Ransomware Variant - The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group. The LockBit ransomware group is one of the most active ...
10 months ago Americansecuritytoday.com
Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit - For all its vaunted success, the LockBit ransomware operation appears to have already been beset by problems when an international law enforcement effort led by the UK's National Crime Agency shut it down this week. Though it's likely that the dozens ...
9 months ago Darkreading.com
EFF Reminds the Supreme Court That Copyright Trolls Are Still a Problem - At EFF, we spend a lot of time calling out the harm caused by copyright trolls and protecting internet users from their abuses. Copyright trolls are serial plaintiffs who use search tools to identify technical, often low-value infringements on the ...
1 year ago Eff.org
Law enforcement trolls LockBit, reveals massive takedown - In an act of exquisite trolling, the UK's National Crime Agency has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website. Since the demise of Conti in 2022, LockBit has been ...
10 months ago Malwarebytes.com
Congress Must Stop Pushing Bills That Will Benefit Patent Trolls - The U.S. Senate is moving forward with two bills that would enrich patent trolls, patent system insiders, and a few large companies that rely on flimsy patents, at the expense of everyone else. One bill, the Patent Eligibility Restoration Act would ...
9 months ago Eff.org
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
10 months ago Krebsonsecurity.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
11 months ago Bleepingcomputer.com
LockBit Ransomware Gang's Website Shut Down - The U.K. National Crime Agency's Cyber Division, the FBI and international partners have cut off ransomware threat actors' access to LockBit's website, which has been used as a large ransomware-as-a-service storefront. According to CISA, LockBit was ...
10 months ago Techrepublic.com
Police arrest four suspects linked to LockBit ransomware gang - Previous arrests of Lockbit ransomware actors (some of them already charged for various offenses) include Mikhail Pavlovich Matveev (aka Wazawaka) in May 2023, Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord) in February 2024, and ...
2 months ago Bleepingcomputer.com
How the Hive Takedown Impacts Ransomware Prevention - Ransomware experts are widely praising the takedown of the notorious "Hive" criminal infrastructure, but the potential impacts it may have on preventing ransomware ongoing and into the future remains a matter of debate. ...
1 year ago Therecord.media
Law enforcement agencies arrest 4 alleged LockBit members | TechTarget - Authorities arrested four suspected members of the LockBit ransomware gang during the third phase of the international law enforcement effort dubbed Operation Cronos. Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as ...
2 months ago Techtarget.com
Police arrested four new individuals linked to the LockBit ransomware operation - “Europol supported a new series of actions against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure.” reads the press release published by ...
2 months ago Securityaffairs.com
Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
6 months ago Techtarget.com
The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
1 year ago Securityboulevard.com
LockBit claim about hacking U.S. Federal Reserve fizzles - The LockBit ransomware gang claimed it had breached the U.S. Federal Reserve, but it ultimately leaked data belonging to a single bank. On June 23, LockBit listed the U.S. Federal Reserve on its data leak site and claimed to have obtained roughly 33 ...
5 months ago Techtarget.com
LockBit Ransomware Targets German Energy Agency Dena - Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group. The Dena cyberattack was revealed through a post on the threat actor's dark web platform, where they disclose data breach incidents and ...
1 year ago Heimdalsecurity.com
LockBit attacks continue via ConnectWise ScreenConnect flaws - Exploitation of two critical ConnectWise vulnerabilities continues to mount, with many attacks attributed to ransomware gangs such as LockBit. Last month, ConnectWise disclosed an authentication bypass vulnerability, tracked as CVE-2024-1708, that ...
9 months ago Techtarget.com
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
11 months ago Infosecurity-magazine.com
LockBit Ransomware Affiliate Sentenced to Prison in Canada - A Russian-Canadian national was sentenced to nearly four years in prison in Canada for his role in the LockBit ransomware operation. The man, Mikhail Vasiliev, 34, was arrested in October 2022 in his home in Bradford, Ontario. In February 2024, he ...
9 months ago Securityweek.com
Copycat Criminals mimicking Lockbit gang in northern Europe - Recent reports of Lockbit locker-based attacks against North European SMBs indicate that local crooks started using Lockbit locker variants. During the past months, the Lockbit gang reached very high popularity in the underground ecosystem. The ...
1 year ago Securityaffairs.com
Cops dismantled LockBit before latest variant hit market The Register - Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, ...
9 months ago Go.theregister.com
Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate - Western authorities on Tuesday named Russian national Aleksandr Ryzhenkov as one of the main members of the Evil Corp cybercrime group, as well as identifying him as an affiliate of the LockBit group. At the same time as identifying Ryzhenkov as one ...
2 months ago Therecord.media
'Operation Endgame' Hits Malware Delivery Platforms - Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. A frame from one of three ...
6 months ago Krebsonsecurity.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)