LockBit registered nearly 200 "affiliates" over the past two years

News
By published

New details about LockBit operations are emerging

Code Skull
(Image credit: Shutterstock)

More information about the business operations of the LockBit ransomware gang have emerged, a day after the UK National Crime Agency (NCA) and partners were able to apparently disrupt the group and deface its leak site.

According to The Register, the NCA found 187 groups and individuals registered inside the LockBit affiliate portal. LockBit operated on a Ransomware-as-a-Service (RaaS) model, in which various groups signed up and used the encryptor and the infrastructure, in exchange for a cut of the profits (the ransom payment, essentially).

The law enforcement says the affiliates registered between January 31, 2022, and February 5, 2024. 

"Have a nice day"

"Hello [user name], Law Enforcement has taken control of LockBit's platform and obtained all the information held on there. This information relates to the LockBit group and you, their affiliate,” the NCA said in a message left on the affiliate portal, following defacement. “We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more. You can thank Lockbitsupp and their flawed infrastructure for this situation… we may be in touch with you very soon.”

 “If you would like to contact us directly, please get in touch. Have a nice day.” 

LockBit is a Russia-based ransomware group that was considered one of the biggest threats - if not the biggest threat - in the ransomware industry. Given the location, arrests are highly unlikely, but the NCA, together with the FBI and a host of other law enforcement agencies, managed to infiltrate LockBit’s infrastructure and take it down. Whether or not LockBit returns in one form or another remains to be seen. However, with law enforcement turning their attention towards the affiliates, it’s possible that the ransomware industry will change forever.

"A large amount of data has been exfiltrated from LockBit's platform before it was all corrupted," a notice now stands on the LockBit website. "With this data, the NCA and partners will be coordinating further enquiries to identify the hackers who pay to be a LockBit affiliate. Some basic details published here for the first time."

Ciaran Martin, the former head of the UK's National Cyber Security Centre told the BBC that this was “one of the most consequential disruptions ever undertaken” against a ransomware operator. “Certainly by far the biggest ever led by British police.”

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Ransomware
8base ransomware site taken down in global police operation
Representational image of a cybercriminal
US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Swiss flag with view of Geneva city, Switzerland

Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
See more latest
Most Popular
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
Canon EOS R50 V on a wooden table, alongside the EOS R50
I tried Canon's two new vlogging cameras – here's why the EOS R50 V offers better video value
Canon RF 20mm F1.4L VCM lens on a wooden table, alongside three other Canon hybrid prime lenses
Canon’s new 20mm f/1.4 lens could be the ultimate wide-angle prime for astro photography and video work, but its pricey
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Nissan 2026 line-up
Nissan is back to its bold best with new EV lineup that's led by a third-generation Leaf – and yes, it's an SUV