One of the world’s biggest criminal hacking gangs on Tuesday woke up to a startling discovery: Law enforcement, after taking over their main Web site on Monday, were now threatening to reveal their personal details and data about their cybercrime organization.
The group, LockBit, had become notorious in cybercrime circles for using malicious software called ransomware to digitally extort victims, relying on underground marketing campaigns to boost its profile.
At one point, LockBit had promised US$1,000 to anyone who tattooed their logo on themselves, cybersecurity researchers said.
Photo: Handout via Reuters
The group’s ringleader, known by the online moniker “LockBitSupp,” had also become so confident in their own anonymity that they had promised US$10 million to the first person who could find and unmask them, the British National Crime Agency (NCA) said.
The international law enforcement operation, which had posted on the extortion Web site on Monday that it had taken control, on Tuesday said it had re-engineered LockBit’s core online system — mimicking the countdown clock that LockBit used in extortion attempts and posing its own US$10 million challenge, a review of LockBit’s “dark Web” site showed.
The core online system was re-engineered to target the hackers in the same way they had terrorized victims: with an advent calendar-like series of tiles, each marked with a countdown timer that, upon reaching zero, published stolen data.
Across the Web site’s front page, where victim names once stood, law enforcement agencies replaced the text and links with internal data obtained by hacking the hackers themselves.
The resulting display was a smorgasbord of law enforcement action against LockBit, which included indictments, sanctions, a tool with which victims can decrypt their data, and a new countdown with two days left on the clock which asked: “Who is LockBitSupp? The $10 million question.”
Before it was taken down, LockBit’s Web site had displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to the names were digital clocks showing the number of days left to the deadline given to each organization to provide ransom payment.
In June last year, technology news Web site TechCrunch said that LockBit had targeted Taiwan Semiconductor Manufacturing Co, a month after claiming responsibility for a ransomware attack against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co.
The unique law enforcement operation was the result of a years-long investigation by international police agencies and was designed to undermine the group’s credibility in the criminal underground, officials said.
“LockBit’s affiliates should be very concerned right now, especially as law enforcement continues to make decryptors available to victims,” Mandiant Consulting chief technology officer Charles Carmakal said.
The US has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
Before it was seized by police, LockBit would often publish caches of stolen data from victimized companies that did not pay — such as personal private information of customers, medical records, internal billing data and the communications of internal staff, among other things.
The leaks were intended to harm the reputation of victims and put them in legal jeopardy, netting LockBit more than US$120 million in ransom payments, experts said.
NCA Director-General Graeme Biggar on Tuesday told reporters that the true cost, including money spent by organizations and corporations scrambling to regain access to their networks and the effect on business, could have amounted to losses totaling Additional reporting by staff writer
With much pomp and circumstance, Cairo is today to inaugurate the long-awaited Grand Egyptian Museum (GEM), widely presented as the crowning jewel on authorities’ efforts to overhaul the country’s vital tourism industry. With a panoramic view of the Giza pyramids plateau, the museum houses thousands of artifacts spanning more than 5,000 years of Egyptian antiquity at a whopping cost of more than US$1 billion. More than two decades in the making, the ultra-modern museum anticipates 5 million visitors annually, with never-before-seen relics on display. In the run-up to the grand opening, Egyptian media and official statements have hailed the “historic moment,” describing the
‘CHILD PORNOGRAPHY’: The doll on Shein’s Web site measure about 80cm in height, and it was holding a teddy bear in a photo published by a daily newspaper France’s anti-fraud unit on Saturday said it had reported Asian e-commerce giant Shein (希音) for selling what it described as “sex dolls with a childlike appearance.” The French Directorate General for Competition, Consumer Affairs and Fraud Control (DGCCRF) said in a statement that the “description and categorization” of the items on Shein’s Web site “make it difficult to doubt the child pornography nature of the content.” Shortly after the statement, Shein announced that the dolls in question had been withdrawn from its platform and that it had launched an internal inquiry. On its Web site, Le Parisien daily published a
‘NO WORKABLE SOLUTION’: An official said Pakistan engaged in the spirit of peace, but Kabul continued its ‘unabated support to terrorists opposed to Pakistan’ Pakistan yesterday said that negotiations for a lasting truce with Afghanistan had “failed to bring about a workable solution,” warning that it would take steps to protect its people. Pakistan and Afghanistan have been holding negotiations in Istanbul, Turkey, aimed at securing peace after the South Asian neighbors’ deadliest border clashes in years. The violence, which killed more than 70 people and wounded hundreds, erupted following explosions in Kabul on Oct. 9 that the Taliban authorities blamed on Pakistan. “Regrettably, the Afghan side gave no assurances, kept deviating from the core issue and resorted to blame game, deflection and ruses,” Pakistani Minister of
UNCERTAIN TOLLS: Images on social media showed small protests that escalated, with reports of police shooting live rounds as polling stations were targeted Tanzania yesterday was on lockdown with a communications blackout, a day after elections turned into violent chaos with unconfirmed reports of many dead. Tanzanian President Samia Suluhu Hassan had sought to solidify her position and silence criticism within her party in the virtually uncontested polls, with the main challengers either jailed or disqualified. In the run-up, rights groups condemned a “wave of terror” in the east African nation, which has seen a string of high-profile abductions that ramped up in the final days. A heavy security presence on Wednesday failed to deter hundreds protesting in economic hub Dar es Salaam and elsewhere, some
RSS