February 25, 2024 at 04:27AM
The exposure of the LockBit ransomware operation, and its response to law enforcement, have prompted suspicion and distrust among affiliates. Despite the group’s attempts to maintain anonymity, it was revealed that LockBit’s leadership engaged with authorities. Their operations have been disrupted, with 14,000 rogue accounts closed. The group’s multi-year illicit profits exceed $120 million, with a significant impact on global finances. Operation Cronos has severely handicapped their ability to continue under the LockBit brand.
Key Takeaways from the Meeting Notes:
1. LockBitSupp, representing the LockBit ransomware service, has engaged with law enforcement, which has resulted in the shutdown of rogue accounts used by the criminals on third-party services.
2. There are indications that multiple individuals have operated the “LockBit” and “LockBitSupp” accounts, with the gang’s leader being one of them. The group has increased the bounty for revealing their real identities to $20 million USD.
3. LockBit has gone through several iterations since its inception, with a new version called LockBit-NG-Dev being developed prior to the dismantling of its infrastructure. This new variant shows advancements in code architecture and includes a validity period to resist automated analysis and prevent malware reuse.
4. The group encountered logistical, technical, and reputational problems, including the leak of the ransomware builder and suspicion of potential infiltration by government agents.
5. LockBit’s accounts were banned from cybercrime forums for failing to pay an initial access broker, indicating difficulties in maintaining their operations.
6. Analysis of the LockBit operation identified over 28 affiliates with ties to other Russian e-crime groups, and the group was found to have made significant illicit profits, potentially exceeding $120 million.
7. Operation Cronos has dealt a severe blow to LockBit’s ability to continue ransomware activities, with doubts about the group’s technical capabilities and the trustworthiness of their access sources post-takedown.