Police resurrect LockBit's site and troll the ransomware gang
An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang, which they had seized earlier this year, teasing new revelations about the group.
On Sunday, what was once LockBit’s official dark net site reappeared online with new posts that suggest the authorities are planning to release new information about the hackers in the next 24 hours, as of this writing.
The posts have titles such as “Who is LockBitSupp?” “What have we learnt,” “More LB hackers exposed,” and “What have we been doing?”
In February, a law enforcement coalition that included the U.K.’s National Crime Agency (NCA), the U.S. Federal Bureau of Investigation, and forces from Germany, Finland, France, Japan and others announced that they had infiltrated LockBit’s official site. The coalition seized the site and replaced information on it with their own press release and other information in a clear attempt to troll and warn the hackers that the authorities were on to them.
The February operation also included the arrests of two alleged LockBit members in Ukraine and Poland; the takedown of 34 servers across Europe, the U.K., and the U.S.; and the seizure of more than 200 cryptocurrency wallets belonging to the hackers.
FBI spokesperson Samantha Shero told TechCrunch that the bureau had no comment. The NCA did not respond to a request for comment.
LockBit first emerged in 2019 and has since become one of the most prolific ransomware gangs in the world, netting millions of dollars in ransom payments. The group has proven to be very resilient. Even after February’s takedown, the group has reemerged with a new dark web leak site, which has been actively updated with new alleged victims.
All the new posts on the seized website, except for one, have a countdown that ends at 9 a.m. ET on Tuesday, May 7, suggesting that’s when law enforcement will announce the new actions against LockBit. Another post says the site will be shut down in four days.
Since the authorities announced what they called “Operation Cronos” against LockBit in February, the group’s leader, known as LockBitSupp, has claimed in an interview that law enforcement has exaggerated its access to the criminal organization as well as the effect of its takedown.
On Sunday, the hacking collective vx-underground wrote on X that they had spoken to LockBit’s administrative staff, who had told them the police were lying.
“I don’t understand why they’re putting on this little show. They’re clearly upset we continue to work,” the staff said, according to vx-underground.
The identity of LockBitSupp is still unknown, although that could change soon. One of the new posts on the seized LockBit site promises to reveal the hacker’s identity on Tuesday. It has to be noted, however, that the previous version of the seized site also appeared to promise to reveal the gang leader’s identity, but eventually did not.
This story was updated to include the FBI’s no comment.