
Smashing a Criminal Enterprise, Inside the Lockbit Ransomware Takedown

Source: techcentral, 21/02/2024

One of the world’s largest criminal hacking gangs, Lockbit, woke up on Tuesday to an unexpected turn of events. Law enforcement, having taken control of their main website on Monday, now threatened to expose personal details and data about their cybercrime organization.

Lockbit, notorious for using ransomware to extort victims, had relied on underground marketing campaigns to boost its profile. At one point, they offered a reward of US$1,000 to anyone tattooing their logo on themselves.

The group’s ringleader, known as LockbitSupp, had become so confident in their anonymity that they promised $10 million to anyone who could find and unmask them, according to Britain’s National Crime Agency (NCA).

In response, an international law enforcement operation re-engineered Lockbit’s core online system, mimicking their countdown clock used in extortion attempts. The law enforcement challenge posed a $10 million question, mirroring Lockbit’s own offer.

The re-engineered system targeted the hackers with an advent calendar-like display of entries, each marked with a countdown timer. Upon reaching zero, stolen data would be published. Law enforcement replaced victim names on the website’s front page with internal data obtained by hacking the hackers themselves.

The display showcased law enforcement actions, including indictments, sanctions, a decryption tool for victims, and a new countdown asking, “Who is LockbitSupp? The $10 million question.”

Before its takedown, Lockbit’s website displayed an ever-growing gallery of victim organizations, updated nearly daily, alongside countdown timers for ransom payment deadlines.

This unique law enforcement operation resulted from years of investigation and aimed to undermine Lockbit’s credibility in the criminal underground. Charles Carmakal, Mandiant Consulting’s chief technology officer, noted that Lockbit’s affiliates should be concerned as law enforcement continues to provide decryptors to victims.

The US charged two Russian nationals with deploying Lockbit ransomware globally, and arrests were made in Poland and Ukraine. Lockbit, before being seized by police, extorted multiple victims simultaneously through its website, accumulating over $120 million in ransom payments.

Graeme Biggar, director-general of the NCA, mentioned that the true cost, including money spent by organizations to regain network access and the impact on business, could amount to losses totaling billions.
