Share this article on:
LockBit’s seized dark web leak site looks set to host new information garnered from ongoing investigations into the gang’s operation.
New revelations about the LockBit ransomware gang may be looming, according to the operation’s old dark web leak site.
A raft of law enforcement agencies took down LockBit’s leak site in February, replacing it with a look-alike site boasting of their success.
“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the site said at the time.
Now, the same site has been resurrected, teasing a whole new set of information to come in a couple of days.
Several parts of the site were updated on 2 May, all promising more information to be dropped on 7 May, including an answer to the “$10m question – who is LockBitSupp”. LockBitSupp is the gang’s apparent leader, and the law enforcement agencies involved in the site takedown have already suggested the individual is based in Russia and had “engaged with law enforcement”.
The NCA is also suggesting that it will soon be shedding light on some of LockBit’s affiliates while sharing details garnered from the gang’s back-end systems.
“More LB hackers exposed,” one tile on the seized site said. “After compromising LockBit’s platform, law enforcement will be coordinating activity to deal with LockBit’s affiliates.”
“What have we learnt?” said another. “Some facts and figures from the back-end.”
Again, a date of 7 May is given for when these details will be shared.
The Australian Federal Police took part in Operation Cronos, with its logo appearing alongside other law enforcement agencies, including Europol, the Metropolitan Police, and the Department of Justice.
I guess we’ll be watching this space to see what new information law enforcement is willing to share on LockBit’s activities. Despite the February takedown of the gang’s site, LockBit is still regularly posting victim details on several new darknet sites.
LockBit’s most recent victim was Australian call centre operator OracleCMS, which saw data from several Australian councils, religious groups, and companies compromised in an April ransomware attack.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.