Security News > 2024 > February > LockBit leak site is back online

LockBit leak site is back online
2024-02-26 14:02

LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days.

Last week, Operation Cronos hit LockBit hard by taking over their leak site and affiliate panel, disrupting part of their infrastructure, and arresting some suspected affiliates.

Operation Cronos also shared a list of LockBit 3.0 affiliates last week.

The list doesn't really mean much to the public as the affiliates are listed by nickname, but could possibly scare the affiliates, make them think that the authorities will be able to find their real world identities, and make them think twice about continuing their attacks.

With the leak site back online, LockBitSupp has released a message to the FBI in English and Russian, admitting that they've become lazy and irresponsible when it comes to patching, thereby allowing law enforcement to exploit a known PHP vulnerability to compromise two of the RaaS operation's main servers.

You can review the very long message on DataBreaches.net but its overarching aim is to convince affiliates that they can still trust the LockBit operators.


News URL

https://www.helpnetsecurity.com/2024/02/26/lockbit-leak-site-is-back-online/