One of the world’s biggest criminal hacking gangs on Tuesday woke up to a startling discovery: Law enforcement, after taking over their main Web site on Monday, were now threatening to reveal their personal details and data about their cybercrime organization.
The group, LockBit, had become notorious in cybercrime circles for using malicious software called ransomware to digitally extort victims, relying on underground marketing campaigns to boost its profile.
At one point, LockBit had promised US$1,000 to anyone who tattooed their logo on themselves, cybersecurity researchers said.
Photo: Handout via Reuters
The group’s ringleader, known by the online moniker “LockBitSupp,” had also become so confident in their own anonymity that they had promised US$10 million to the first person who could find and unmask them, the British National Crime Agency (NCA) said.
The international law enforcement operation, which had posted on the extortion Web site on Monday that it had taken control, on Tuesday said it had re-engineered LockBit’s core online system — mimicking the countdown clock that LockBit used in extortion attempts and posing its own US$10 million challenge, a review of LockBit’s “dark Web” site showed.
The core online system was re-engineered to target the hackers in the same way they had terrorized victims: with an advent calendar-like series of tiles, each marked with a countdown timer that, upon reaching zero, published stolen data.
Across the Web site’s front page, where victim names once stood, law enforcement agencies replaced the text and links with internal data obtained by hacking the hackers themselves.
The resulting display was a smorgasbord of law enforcement action against LockBit, which included indictments, sanctions, a tool with which victims can decrypt their data, and a new countdown with two days left on the clock which asked: “Who is LockBitSupp? The $10 million question.”
Before it was taken down, LockBit’s Web site had displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to the names were digital clocks showing the number of days left to the deadline given to each organization to provide ransom payment.
In June last year, technology news Web site TechCrunch said that LockBit had targeted Taiwan Semiconductor Manufacturing Co, a month after claiming responsibility for a ransomware attack against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co.
The unique law enforcement operation was the result of a years-long investigation by international police agencies and was designed to undermine the group’s credibility in the criminal underground, officials said.
“LockBit’s affiliates should be very concerned right now, especially as law enforcement continues to make decryptors available to victims,” Mandiant Consulting chief technology officer Charles Carmakal said.
The US has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
Before it was seized by police, LockBit would often publish caches of stolen data from victimized companies that did not pay — such as personal private information of customers, medical records, internal billing data and the communications of internal staff, among other things.
The leaks were intended to harm the reputation of victims and put them in legal jeopardy, netting LockBit more than US$120 million in ransom payments, experts said.
NCA Director-General Graeme Biggar on Tuesday told reporters that the true cost, including money spent by organizations and corporations scrambling to regain access to their networks and the effect on business, could have amounted to losses totaling Additional reporting by staff writer
MONEY GRAB: People were rushing to collect bills scattered on the ground after the plane transporting money crashed, which an official said hindered rescue efforts A cargo plane carrying money on Friday crashed near Bolivia’s capital, damaging about a dozen vehicles on highway, scattering bills on the ground and leaving at least 15 people dead and others injured, an official said. Bolivian Minister of Defense Marcelo Salinas said the Hercules C-130 plane was transporting newly printed Bolivian currency when it “landed and veered off the runway” at an airport in El Alto, a city adjacent to La Paz, before ending up in a nearby field. Firefighters managed to put out the flames that engulfed the aircraft. Fire chief Pavel Tovar said at least 15 people died, but
LIKE FATHER, LIKE DAUGHTER: By showing Ju-ae’s ability to handle a weapon, the photos ‘suggest she is indeed receiving training as a successor,’ an academic said North Korea on Saturday released a rare image of leader Kim Jong-un’s teenage daughter firing a rifle at a shooting range, adding to speculation that she is being groomed as his successor. Kim’s daughter, Ju-ae, has long been seen as the next in line to rule the secretive, nuclear-armed state, and took part in a string of recent high-profile outings, including last week’s military parade marking the closing stages of North Korea’s key party congress. Pyongyang’s official Korean Central News Agency (KCNA) released a photo of Ju-ae shooting a rifle at an outdoor shooting range, peering through a rifle scope
India and Canada yesterday reached a string of agreements, including on critical mineral cooperation and a “landmark” uranium supply deal for nuclear power, the countries’ leaders said in New Delhi. The pacts, which also covered technology and promoting the use of renewable energy, were announced after Indian Prime Minister Narendra Modi and Canadian Prime Minister Mark Carney hailed a fresh start in the relationship between their nations. “Our ties have seen a new energy, mutual trust and positivity,” Modi said. Carney’s visit is a key step forward in ties that effectively collapsed in 2023 after Ottawa accused New Delhi
Gaza is rapidly running out of its limited fuel supply and stocks of food staples might become tight, officials said, after Israel blocked the entry of fuel and goods into the war-shattered territory, citing fighting with Iran. The Israeli military closed all Gaza border crossings on Saturday after announcing airstrikes on Iran carried out jointly with the US. Israeli authorities late on Monday night said that they would reopen the Kerem Shalom crossing from Israel to Gaza yesterday, for “gradual entry of humanitarian aid” into the strip, without saying how much. Israeli authorities previously said the crossings could not be operated safely during
RSS