LockBit ransomware site returns — but don't worry, it might actually be OK
Police have restored LockBit site, apparently to troll the criminals
The website of ransomware hackers LockBit, which was seized by police and shut down, has relaunched. However, it wasn’t the hackers that propped it back up, but rather the law enforcement agents who originally seized it.
The refreshed website includes some new details about the group and its leader. Some of the teasers on the website include “Who is LockBitSupp?”, “WHat have we learnt,” “More LB hackers exposed,” and more.
The police also posted an image on X, with a 24-hour countdown timer, when the information will be released. At press time, there were under six hours left on the clock.
Who is LockBitSupp?
An international coalition of law enforcement agencies infiltrated the group’s infrastructure in late February 2024 seized the servers, confiscated a lot of money, plenty of data on the operation, its affiliates, and more.
The police defaced LockBit’s website and left a message saying the operation is terminated and that they would be coming for the affiliates (of which there were, apparently, around 200).
Two alleged LockBit members were arrested, one in Ukraine, and one in Poland.
One of the last big attacks before the attack was on EquiLend, a global financial technology, data and analytics firm, which was hit in late January 2024, with LockBit affiliates walking away with sensitive customer data.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Soon after the police operation, dubbed Cronos, the ransomware’s key operator, going by the name LockBitSupp, said the police exaggerated their claims, that the operation was no more than a temporary setback, and that the operation would continue soon enough.
In less than two weeks, LockBit was back with new encryptors, new infrastructure, and new data leak and negotiation websites. Newer victims reported getting a different ransom note, with a new Tor URL.
More from TechRadar Pro
- LockBit ransomware officially returns — hackers hit back with new attacks following apparent shutdown
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.