
The federal authorities successfully hacked LockBit, but LockBit quickly recovered. What is the next step?

A new leak site on the dark web with additional victims has surfaced for the Russia-based LockBit ransomware organization.

The surviving LockBit administrator wrote a lengthy and borderline-rambling statement on Saturday, admitting that their incompetence was responsible for last week’s interruption. By taking advantage of a flaw in LockBit’s public websites, including the dark web leak site the group used to share stolen data from victims, an international law enforcement operation took control of the ransomware gang’s infrastructure.

The federal authorities’ Operation Cronos involved the destruction of 34 servers across Europe, the U.K., and the U.S., the seizure of over 200 bitcoin wallets, and the capture of two alleged LockBit members in Poland and Ukraine.

Five days later, LockBit announced that it had restarted operations and that it had done so by using backups that were unaffected by the government’s actions. LockBit’s administrator said that they will react by targeting the government sector.

The National Crime Agency spokesman said that Operation Cronos effectively entered and gained control of LockBit’s networks, compromising their whole criminal activity.

The NCA said that LockBit’s systems have been damaged and are entirely penetrated.

Law enforcement declares a significant triumph, but the key figure behind LockBit is still on the run, posing a danger and selecting new targets, which leaves the two parties in open conflict. LockBit’s resurgence has resulted in over a dozen additional victims, suggesting that reports of its extinction may have been exaggerated.

The conflict between law enforcement and criminals continues to escalate, with both sides making aggressive statements and strong assertions.

The NCA announced a significant revelation about the gang’s enduring leader, known as “LockBitSupp,” but provided no information on the administrator in a post on LockBit’s hacked dark web leak site on Friday.

“We are aware of his identity. We are aware of his place of residence. We are aware of his net worth,” the NCA statement said, adding that LockBitSupp had collaborated with law enforcement.

U.S. law enforcement agencies have offered a substantial reward for information that may lead to identifying or locating senior leaders of the LockBit gang, indicating that they currently lack this knowledge or are unable to confirm it.

LockBit is likely to persist as long as the apparent administrator LockBitSupp is active, the last component of the LockBit puzzle. Ransomware groups are adept at swiftly reorganizing and renaming themselves after law enforcement interventions that try to dismantle them permanently.

Consider another ransomware group operating in Russia: last year, ALPHV, also known as BlackCat, had a setback when law enforcement officials confiscated its dark web leak site and provided decryption keys to allow victims to retrieve their stolen material. ALPHV then declared that it had regained control of its leak site and said that the FBI had decryption keys for only about 400 firms, leaving over 3,000 victims with encrypted data.

Currently, ALPHV’s leak site is operational and regularly adding new victims.

Ransomware groups like Hive and Conti have reportedly undergone law enforcement actions in the past, but have allegedly rebranded and reorganized under new identities. Conti members are reportedly working under the new organizations Black Basta, BlackByte, and Karakurt, while former Hive members have relaunched as a new ransomware operation called Hunters International.

Although the LockBit takedown is a significant event, current signals indicate that it will likely play out like previous ones.

LockBit said that law enforcement only acquired a few decryptors, apprehended the incorrect individuals, and did not successfully shut down all of the websites under its authority. LockBit promised to enhance the security of its infrastructure, personally distribute decryptors, and maintain its affiliate program after the operation.

LockBit expressed confidence in their capacity to remain undeterred by the FBI and their associates, citing the service’s stability as a result of years of consistent effort. “They aim to intimidate me as they are unable to locate and eradicate me. I am unstoppable.”

The NCA said it was aware that LockBit will probably try to reorganize and reconstruct its systems, but noted that the agency’s efforts are still disrupting the organization.

“We have accumulated a substantial amount of information about them and their affiliates, and our efforts to identify and impede them are ongoing,” said NCA spokesman Richard Crowe.

Law enforcement’s admission that they are still actively trying to dismantle the gang indicates that LockBit is still operational and probably never ceased to exist.
