LockBit ransomware’s site taken over to reveal operation’s secrets

International law enforcement agencies behind the dismantling of the LockBit ransomware operation have leveraged the group's leak site as a repository for the ransomware gang's secrets throughout the week, including information regarding the operation's affiliate infrastructure, account closures, and the identity of its leader LockBitSupp, The Register reports.

Such revelations about LockBit, which will be led by the UK's National Crime Agency, have been accompanied by the arrests of the ransomware gang's affiliates in Poland and Ukraine, as well as an indictment filed by the U.S. Justice Department against Russians Ivan Kondratyev and Artur Sungatov who allegedly targeted U.S. organizations with the ransomware. More than 30 servers used by LockBit across several countries, including the U.S., France, Germany, and Australia, have been disrupted while over 200 cryptocurrency accounts have been frozen as part of the crackdown. "The NCA has also obtained the LockBit platform's source code and a vast amount of intelligence from their systems about their activities and those who have worked with them and used their services to harm organizations throughout the world," said the NCA. Moreover, NCA Director General Graeme Biggar also emphasized that it will continue efforts clamping down on LockBit to thwart its potential reemergence.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.