LockBitSupp, the operator behind the notorious LockBit ransomware-as-a-service operation, has fulfilled one of his promises by bringing the LockBit leak site back online on backup domains. This move has set the stage for the unveiling of lists containing the names of victims who have fallen prey to the gang's attacks.
Last week, a significant blow was dealt to the LockBit RaaS gang as law enforcement authorities carried out Operation Cronos. As part of this operation, they seized control of the leak site and affiliate panel, disrupting a portion of the gang’s infrastructure and apprehending several suspected affiliates. This coordinated effort was aimed at dismantling the criminal activities of the LockBit group and bringing those responsible to justice.
Despite the crackdown, LockBitSupp, the mastermind behind the operation, remains at large. Law enforcement agencies hinted at revealing his true identity but only provided vague details, such as knowing where he resides and his approximate net worth. It was disclosed that LockBitSupp does not live in the US or the Netherlands as previously claimed, with speculation pointing to a country under sanctions, likely the Russian Federation.
Following the seizure, Operation Cronos also shared a list of LockBit 3.0 affiliates. While these affiliates were identified by their nicknames, this move was intended to instill fear among them and deter them from continuing their illicit activities. The public release of this list served as a warning to other potential cybercriminals that law enforcement agencies are actively tracking down those involved in ransomware attacks.
With the resurfacing of the leak site, LockBitSupp addressed the FBI in both English and Russian, acknowledging the lapse in security measures that led to the compromise of their servers. The message conveyed by LockBitSupp insinuated that the FBI had exploited a PHP vulnerability to infiltrate the servers and prevent the leaking of sensitive information stolen by the gang. Despite the interference by law enforcement, LockBitSupp maintains that they have backups of the stolen data and are taking measures to prevent future breaches.
In an attempt to reassure affiliates, LockBitSupp criticized the actions of the FBI as a ploy to discredit the operation and drive him out of the cybercriminal world. The message, which can be found on DataBreaches.net, aimed to reaffirm the trustworthiness of the LockBit operators and dismiss the efforts of law enforcement as mere intimidation tactics.
As the global fight against ransomware intensifies, it remains to be seen whether LockBit’s message will sway affiliates to remain loyal to the operation. Despite the setbacks faced by the LockBit gang, the prevalence of other ransomware-as-a-service groups highlights the ongoing challenge of combating cyber threats on a global scale. The efforts of law enforcement agencies, in coordination with various cybersecurity initiatives, represent a crucial step in addressing the pervasive ransomware menace and safeguarding digital infrastructure against malicious actors.
