One of the world’s biggest criminal hacking gangs on Tuesday woke up to a startling discovery: Law enforcement, after taking over their main Web site on Monday, were now threatening to reveal their personal details and data about their cybercrime organization.
The group, LockBit, had become notorious in cybercrime circles for using malicious software called ransomware to digitally extort victims, relying on underground marketing campaigns to boost its profile.
At one point, LockBit had promised US$1,000 to anyone who tattooed their logo on themselves, cybersecurity researchers said.
Photo: Handout via Reuters
The group’s ringleader, known by the online moniker “LockBitSupp,” had also become so confident in their own anonymity that they had promised US$10 million to the first person who could find and unmask them, the British National Crime Agency (NCA) said.
The international law enforcement operation, which had posted on the extortion Web site on Monday that it had taken control, on Tuesday said it had re-engineered LockBit’s core online system — mimicking the countdown clock that LockBit used in extortion attempts and posing its own US$10 million challenge, a review of LockBit’s “dark Web” site showed.
The core online system was re-engineered to target the hackers in the same way they had terrorized victims: with an advent calendar-like series of tiles, each marked with a countdown timer that, upon reaching zero, published stolen data.
Across the Web site’s front page, where victim names once stood, law enforcement agencies replaced the text and links with internal data obtained by hacking the hackers themselves.
The resulting display was a smorgasbord of law enforcement action against LockBit, which included indictments, sanctions, a tool with which victims can decrypt their data, and a new countdown with two days left on the clock which asked: “Who is LockBitSupp? The $10 million question.”
Before it was taken down, LockBit’s Web site had displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to the names were digital clocks showing the number of days left to the deadline given to each organization to provide ransom payment.
In June last year, technology news Web site TechCrunch said that LockBit had targeted Taiwan Semiconductor Manufacturing Co, a month after claiming responsibility for a ransomware attack against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co.
The unique law enforcement operation was the result of a years-long investigation by international police agencies and was designed to undermine the group’s credibility in the criminal underground, officials said.
“LockBit’s affiliates should be very concerned right now, especially as law enforcement continues to make decryptors available to victims,” Mandiant Consulting chief technology officer Charles Carmakal said.
The US has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
Before it was seized by police, LockBit would often publish caches of stolen data from victimized companies that did not pay — such as personal private information of customers, medical records, internal billing data and the communications of internal staff, among other things.
The leaks were intended to harm the reputation of victims and put them in legal jeopardy, netting LockBit more than US$120 million in ransom payments, experts said.
NCA Director-General Graeme Biggar on Tuesday told reporters that the true cost, including money spent by organizations and corporations scrambling to regain access to their networks and the effect on business, could have amounted to losses totaling Additional reporting by staff writer
OPTIMISTIC: A Philippine Air Force spokeswoman said the military believed the crew were safe and were hopeful that they and the jet would be recovered A Philippine Air Force FA-50 jet and its two-person crew are missing after flying in support of ground forces fighting communist rebels in the southern Mindanao region, a military official said yesterday. Philippine Air Force spokeswoman Colonel Consuelo Castillo said the jet was flying “over land” on the way to its target area when it went missing during a “tactical night operation in support of our ground troops.” While she declined to provide mission specifics, Philippine Army spokesman Colonel Louie Dema-ala confirmed that the missing FA-50 was part of a squadron sent “to provide air support” to troops fighting communist rebels in
PROBE: Last week, Romanian prosecutors launched a criminal investigation against presidential candidate Calin Georgescu accusing him of supporting fascist groups Tens of thousands of protesters gathered in Romania’s capital on Saturday in the latest anti-government demonstration by far-right groups after a top court canceled a presidential election in the EU country last year. Protesters converged in front of the government building in Bucharest, waving Romania’s tricolor flags and chanting slogans such as “down with the government” and “thieves.” Many expressed support for Calin Georgescu, who emerged as the frontrunner in December’s canceled election, and demanded they be resumed from the second round. George Simion, the leader of the far-right Alliance for the Unity of Romanians (AUR), which organized the protest,
ECONOMIC DISTORTION? The US commerce secretary’s remarks echoed Elon Musk’s arguments that spending by the government does not create value for the economy US Secretary of Commerce Howard Lutnick on Sunday said that government spending could be separated from GDP reports, in response to questions about whether the spending cuts pushed by Elon Musk’s Department of Government Efficiency could possibly cause an economic downturn. “You know that governments historically have messed with GDP,” Lutnick said on Fox News Channel’s Sunday Morning Futures. “They count government spending as part of GDP. So I’m going to separate those two and make it transparent.” Doing so could potentially complicate or distort a fundamental measure of the US economy’s health. Government spending is traditionally included in the GDP because
Hundreds of people in rainbow colors gathered on Saturday in South Africa’s tourist magnet Cape Town to honor the world’s first openly gay imam, who was killed last month. Muhsin Hendricks, who ran a mosque for marginalized Muslims, was shot dead last month near the southern city of Gqeberha. “I was heartbroken. I think it’s sad especially how far we’ve come, considering how progressive South Africa has been,” attendee Keisha Jensen said. Led by motorcycle riders, the mostly young crowd walked through the streets of the coastal city, some waving placards emblazoned with Hendricks’s image and reading: “#JUSTICEFORMUHSIN.” No arrest
RSS