One of the world’s biggest criminal hacking gangs on Tuesday woke up to a startling discovery: Law enforcement, after taking over their main Web site on Monday, were now threatening to reveal their personal details and data about their cybercrime organization.
The group, LockBit, had become notorious in cybercrime circles for using malicious software called ransomware to digitally extort victims, relying on underground marketing campaigns to boost its profile.
At one point, LockBit had promised US$1,000 to anyone who tattooed their logo on themselves, cybersecurity researchers said.
The group’s ringleader, known by the online moniker “LockBitSupp,” had also become so confident in their own anonymity that they had promised US$10 million to the first person who could find and unmask them, the British National Crime Agency (NCA) said.
The international law enforcement operation, which had posted on the extortion Web site on Monday that it had taken control, on Tuesday said it had re-engineered LockBit’s core online system — mimicking the countdown clock that LockBit used in extortion attempts and posing its own US$10 million challenge, a review of LockBit’s “dark Web” site showed.
The core online system was re-engineered to target the hackers in the same way they had terrorized victims: with an advent calendar-like series of tiles, each marked with a countdown timer that, upon reaching zero, published stolen data.
Across the Web site’s front page, where victim names once stood, law enforcement agencies replaced the text and links with internal data obtained by hacking the hackers themselves.
The resulting display was a smorgasbord of law enforcement action against LockBit, which included indictments, sanctions, a tool with which victims can decrypt their data, and a new countdown with two days left on the clock which asked: “Who is LockBitSupp? The $10 million question.”
Before it was taken down, LockBit’s Web site had displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to the names were digital clocks showing the number of days left to the deadline given to each organization to provide ransom payment.
In June last year, technology news Web site TechCrunch said that LockBit had targeted Taiwan Semiconductor Manufacturing Co, a month after claiming responsibility for a ransomware attack against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co.
The unique law enforcement operation was the result of a years-long investigation by international police agencies and was designed to undermine the group’s credibility in the criminal underground, officials said.
“LockBit’s affiliates should be very concerned right now, especially as law enforcement continues to make decryptors available to victims,” Mandiant Consulting chief technology officer Charles Carmakal said.
The US has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
Before it was seized by police, LockBit would often publish caches of stolen data from victimized companies that did not pay — such as personal private information of customers, medical records, internal billing data and the communications of internal staff, among other things.
The leaks were intended to harm the reputation of victims and put them in legal jeopardy, netting LockBit more than US$120 million in ransom payments, experts said.
NCA Director-General Graeme Biggar on Tuesday told reporters that the true cost, including money spent by organizations and corporations scrambling to regain access to their networks and the effect on business, could have amounted to losses totaling
Additional reporting by staff writer