February 26, 2024 at 12:15AM
LockBit ransomware group resurfaces on the dark web, moving their data leak portal to a new address and acknowledging PHP flaw exploitation. They claim the FBI hacked their infrastructure and seek to discredit law enforcement agencies. In a separate incident, Russian authorities arrest three individuals tied to the SugarLocker ransomware group. The group operated under a legitimate IT firm, offering services and carrying out fraudulent schemes. Notably, one of the arrested individuals faced financial sanctions for an alleged role in a ransomware attack against a health insurance provider.
From the meeting notes, it is clear that the threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, following an international law enforcement operation that seized control of their servers. They have moved their data leak portal to a new .onion address on the TOR network and listed 12 new victims. The administrator behind LockBit admitted that their websites were confiscated due to a critical PHP flaw and claimed that the FBI had “hacked” their infrastructure.
Additionally, three individuals linked to the SugarLocker ransomware group have been arrested by Russian law enforcement officials. The group had been operating under the guise of a legitimate IT firm, offering services for the development of landing pages, mobile applications, and online stores. They have been accused of developing custom malware and creating phishing sites for online stores, as well as driving user traffic to fraudulent schemes.
The meeting notes also mention the arrest of Aleksandr Nenadkevichite Ermakov, a member of the SugarLocker group, who is facing allegations related to a ransomware attack against health insurance provider Medibank. This attack led to the unauthorized access of sensitive customer information, some of which found its way to the dark web.
In summary, the meeting notes cover the resurfacing of the LockBit ransomware operation, the arrest of individuals linked to the SugarLocker group, and the details of the ransomware attack against Medibank.