LockBit Takedown Continues: Law Enforcement Teases New Leaks

by ·

The intelligence services revived the seized LockBit website to announce new information disclosed by law enforcement agencies.

Following the extensive “Chronos” operation, authorities dismantled the LockBit infrastructure and transformed one of its leak sites into a platform for press releases. Law enforcement officials are using the site to provide updates on the operation and to expose how LockBit deceived its victims by failing to delete data even after receiving ransoms.

A post titled “Who is LockBitSupp?” sparked particular interest, hinting at revealing the identity of the operation’s leader. However, after several days of anticipation, the post merely stated: “We know who he is. We know where he lives. We know how much he is worth. LockBitSupp has engaged with Law Enforcement :).” Shortly thereafter, the site was taken down, and many viewed this message as a failure by law enforcement to provide the expected information and allowed LockBitSupp to maintain his anonymity.

Experts at BleepingComputer discovered that on May 5th, the LockBit site was relaunched, announcing 7 new posts scheduled to appear today at 14:00 (UTC). Among the announced titles are: “What Have We Learned?”, “More LockBit Hackers Exposed”, “What Have We Been Doing?”, and a post that many hope will be the definitive exposé of LockBit’s activities, “Who is LockBitSupp?”. The world now waits to see whether law enforcement will reveal anything substantial about the LockBit leader or if it will again end in disappointment.

Since the operation, LockBit’s activity has diminished, with many partners fearing that the group is under close surveillance. However, this does not mean that the threat from the group has disappeared, as destructive attacks continue, and LockBit still poses a risk to companies worldwide. For instance, in April, the Simone Veil Hospital in France was targeted by a LockBit cyberattack, disrupting operations and forcing staff to revert to using paper for record-keeping.

Additionally, the LockBit 3.0 ransomware was allegedly used by hackers from North Korea in an attack on Systembolaget, a key distributor of home appliances in Sweden, severely disrupting the logistics of goods.

Tags: