International law enforcement is trolling the notorious ransomware group Lockbit through the group’s own site on the Dark Web, which investigators previously seized back in February. On Sunday, Europol, the FBI, and the UK’s National Crime Agency resurrected the seized Lockbit site to tease more revelations about the gang, including its chief administrator, the so-called “LockbitSupp.” This includes placing several countdowns across the webpage that’ll end on Tuesday 10 a.m. EST.”More LB hackers exposed,” the site says. “After compromising Lockbit’s platform, Law Enforcement will be coordinating activity to deal with Lockbit’s affiliates.”The UK’s National Crime Agency has since indicated that the countdown is legit, tweeting an image that says an announcement will be made on Tuesday. This comes more than two months after authorities failed to fully dismantle the Lockbit organization in February, although some arrests were made and sanctions were issued.
This Tweet is currently unavailable. It might be loading or has been removed.
At the time, investigators took over Lockbit’s main site on the dark web, and even teased that LockbitSupp’s identity would be revealed through a similar countdown. But the resulting announcement underwhelmed, when law enforcement merely said: “We know who he is. We know where he lives. We know how much he is worth. LockBitSupp has engaged with Law Enforcement.” Police then shut down the seized Lockbit site before reviving it on Sunday. Police have likely stopped short of arresting all of Lockbit’s membership because federal investigators believe the group is based in Russia, a country that refuses to extradite criminal suspects to the US. It also hasn’t helped that Lockbit was quick to migrate to a different site and claim attacks against new victims. In response, it looks like international law enforcement is trying to not only disrupt the group’s infrastructure, but also shake confidence in Lockbit, which rents out its ransomware attacks to cybercriminal affiliates.
Recommended by Our Editors
Not surprisingly, Lockbit is responding to announcement by listing new companies and organizations that the group has compromised in recent months. The ransomware gang also told malware repository site Vx-underground that “they will continue to work and will continue to ‘bring’ new victims,” despite the seizure notice from law enforcement.Editor’s note: This story has been corrected to note law enforcement have resurrected a Lockbit site that they previously seized. They did not seize a new Lockbit domain.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
