February 21, 2024 at 09:15AM
The National Crime Agency revealed that nearly 200 “affiliates” were registered by the LockBit ransomware group over two years. The NCA took control of LockBit’s site, publicizing data revealing affiliates and exposing the StealBit tool. International efforts brought down the affiliate infrastructure, with the NCA warning against future misuse of StealBit.
Key takeaways from the meeting notes are as follows:
1. Law enforcement authorities have indicated that the LockBit ransomware group registered nearly 200 “affiliates” over the past two years.
2. The National Crime Agency (NCA) has control of LockBit’s site and announced the successful takedown of the world’s leading ransomware gang.
3. The NCA has published details of the affiliates involved in the LockBit 3.0 operations, with 187 different affiliates registered between January 31, 2022, and February 5, 2024.
4. The FBI has been investigating LockBit since 2020, and the group has developed new variants of its ransomware.
5. Data gathered from compromising LockBit’s backend will be used to investigate those involved in deploying the ransomware and being part of the LockBit affiliate program.
6. The NCA, along with international partners, has coordinated efforts to bring down the affiliate infrastructure in countries including the UK, US, France, Germany, Switzerland, Australia, Finland, and the Netherlands.
7. Details of StealBit – the LockBit operation’s bespoke data exfiltration tool – were also published by the NCA.
8. StealBit is a tool used by LockBit affiliates to steal data from victims before deploying the ransomware payload.
9. The NCA has located and “destroyed” all six of StealBit’s proxy servers and warned against any attempts to bring them back online.