A global alliance of law enforcement organisations has revived the dark web page of the infamous LockBit’s ransomware gang, which they had taken earlier this year, hinting at fresh information about the organisation.
As of writing, what was previously LockBit’s official darknet website returned online on Sunday with new postings indicating the authorities want to disclose fresh information on the hackers within the next 24 hours.
The posts’ titles include “Who is LockBitSupp?” “What have we learnt?” “More LB hackers exposed?” “And what have we been doing?”
A law enforcement consortium including the U.S. Federal Bureau of Investigation, the National Crime Agency of the United Kingdom, as well as authorities from Germany, Finland, France, Japan, and other countries, said in February that they had breached LockBit’s official website. In a blatant effort to troll and alert the hackers that the police were on to them, the coalition took control of the website and changed the content with their own press release and other material.
Along with taking down 34 servers around Europe, the U.K., and the U.S., the February operation also resulted in the arrest of two accused LockBit’s members in Poland and Ukraine, as well as the confiscation of over 200 bitcoin wallets linked to the hackers.
The FBI and the NCA did not immediately respond to a request for comment.
With millions of dollars in ransom payments, LockBit, which initially surfaced in 2019, has grown to be one of the most active ransomware gangs globally. It has shown that the gang is very resilient. The organisation resurfaced in February, regularly updating a new dark web leak site with new victim claims.
With one exception, every new post on the seized website has a countdown that expires at 9 a.m. Eastern Time on Tuesday, May 7, implying that’s when law enforcement will reveal the fresh LockBit measures. The website will go down in four days, according to another article.
The leader of the group, LockBitSupp, said in an interview that law enforcement has overstated both the impact of its takedown and its access to the criminal organisation since the police declared what they dubbed “Operation Cronos” against LockBit in February.
On Sunday, the hacker group vx-underground posted on X claiming to have communicated with LockBit’s administrative personnel, who informed them the cops were lying.
Why they are staging this little performance is beyond me. They’re obviously not happy that we’re still working, the personnel said, citing vx-underground reports.
It is still unclear who LockBitSupp is, but that could soon change. On Tuesday, one of the fresh entries on the confiscated LockBit’s website pledged to disclose the name of the hacker. However, it’s worth noting that the previous iteration of the seized website also appeared to pledge to reveal the gang boss’s identity, but it ultimately failed to do so.