The website of ransomware hackers LockBit, which was seized by police and shut down, has relaunched. However, it wasn’t the hackers that propped it back up, but rather the law enforcement agents who originally seized it.
The refreshed website includes some new details about the group and its leader. Some of the teasers on the website include “Who is LockBitSupp?”, “WHat have we learnt,” “More LB hackers exposed,” and more.
The police also posted an image on X, with a 24-hour countdown timer, when the information will be released. At press time, there were under six hours left on the clock.
Who is LockBitSupp?
An international coalition of law enforcement agencies infiltrated the group’s infrastructure in late February 2024 seized the servers, confiscated a lot of money, plenty of data on the operation, its affiliates, and more.
The police defaced LockBit’s website and left a message saying the operation is terminated and that they would be coming for the affiliates (of which there were, apparently, around 200).
Two alleged LockBit members were arrested, one in Ukraine, and one in Poland.
One of the last big attacks before the attack was on EquiLend, a global financial technology, data and analytics firm, which was hit in late January 2024, with LockBit affiliates walking away with sensitive customer data.
Soon after the police operation, dubbed Cronos, the ransomware’s key operator, going by the name LockBitSupp, said the police exaggerated their claims, that the operation was no more than a temporary setback, and that the operation would continue soon enough.
In less than two weeks, LockBit was back with new encryptors, new infrastructure, and new data leak and negotiation websites. Newer victims reported getting a different ransom note, with a new Tor URL.