FBI, Europol, NCA: APT group LockBit smashed!


According to the authorities, Europol, the FBI and the British NCA have dismantled the APT group LockBit. At the very least, they have all of the group's darknet leak sites under control and are probably already distributing decryption tools. The authorities even used the leak site system itself to distribute information and tools.

It sounds too good to be true: a global network of authorities including the FBI, Europol, the NCA and many more has succeeded in striking a significant blow against the APT group LockBit. Officially, the group's network has been dismantled, the servers taken over, source code and documents confiscated and even all leak sites taken over. That is according to a report from the British National Crime Agency (NCA). The NCA has taken control of LockBit's primary management environment, which allowed its partners to create and carry out attacks, as well as the group's publicly accessible leak site on the dark web, where it hosted and shared data previously stolen from victims and threatened to publish it.

Leak sites are now helping victims

The authorities have not blocked the LockBit leak page on the darknet, but are using it as an information platform (Image: B2B-CS).

Typically, a group's leak pages are simply blocked after a takedown. This time it is different: the website now displays a range of information about LockBit's capabilities and processes. Above all, it is meant to help the victims. There they will find information about contact points, help after payment, decryption keys and links to decryption tools. The taken-over page with the information can now be found at this Tor address: to the LockBit page (onion address).

Victim data still available despite promise to delete

The authorities have access to the LockBit group's entire administration system. This includes the leak sites and their controls, as well as the chat in which negotiations were held with the victims. The entire management of the data exfiltrated from victims is also in the hands of the authorities, as are the source code of the malware and the affiliate platform for partners of the LockBit group. One of the most interesting finds is stolen data belonging to victims who had paid the ransom. LockBit had repeatedly promised that the data would be deleted after a payment. But gangsters are gangsters.

Data exfiltration tool and server confiscated

LockBit had a custom data exfiltration tool called Stealbit that was used by partners to steal victim data. This infrastructure, located in three countries, was seized by members of the Op Cronos task force, and 28 servers belonging to LockBit affiliates were also shut down. At the same time, the first people who are said to have worked with LockBit have already been arrested in Poland and Ukraine. According to Europol, 200 Bitcoin accounts have also been frozen.

More at Europol.Europa.eu