Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

BlueSky blocks Mississippi services across age guarantee laws

August 24, 2025

Openai warns against SPVs and other “unauthorized” investments

August 23, 2025

Amazon AGI Labs Chief defends his reverse Acquihire

August 23, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    BlueSky blocks Mississippi services across age guarantee laws

    August 24, 2025

    BlueSky blocks Mississippi services across age guarantee laws

    August 22, 2025

    Tiktok denies India's comeback after reporting that the website has been published

    August 22, 2025

    Google makes it easier to edit drive videos with the new VIDS shortcut button

    August 22, 2025

    X brings out the ability to like and follow the free tier of developer APIs

    August 22, 2025
  • Crypto

    Coinbase CEO explains why he fired an engineer who didn't try AI right away

    August 22, 2025

    Your next customer is destroying the 2025 Expo floor

    August 19, 2025

    Crypto Company Gemini File for Winklevoss Twins IPO

    August 16, 2025

    North Korean spies pretending to be remote workers have invaded hundreds of businesses, CloudStrike says

    August 4, 2025

    Telegram's Crypto Wallet will be released in the US

    July 22, 2025
  • Security

    Developers get prison time to disrupt the ex-employer's network with “kill switch”

    August 22, 2025

    Explain why hackers who exposed the North Korean government did that

    August 21, 2025

    Device searches at US borders hit record-breaking records, new data show

    August 20, 2025

    Listen and record all conversations “Always On” Harvard Dropout launches AI smart glasses

    August 20, 2025

    New Zero-Day startup offers $20 million for a tool that can hack your smartphone

    August 20, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Openai warns against SPVs and other “unauthorized” investments

    August 23, 2025

    Amazon AGI Labs Chief defends his reverse Acquihire

    August 23, 2025

    Y Combinator says Apple's App Store is hampering startup growth

    August 22, 2025

    Beanie baby in the brain rot era

    August 22, 2025

    Procuring multiple rounds of venture capital could be wrong for your startup

    August 21, 2025
TechBrunchTechBrunch

6 things I learned from removing LockBit

TechBrunchBy TechBrunchFebruary 21, 20244 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


This week, a wide-ranging law enforcement operation led by the UK's National Crime Agency took down LockBit, the notorious Russia-linked ransomware gang that has been wreaking havoc on businesses, hospitals and governments around the world for years.

The action brought down LockBit's leaked site, seized its servers, led to multiple arrests, and led to one of the most significant operations ever undertaken by the U.S. government against the ransomware group. Sanctions have been applied.

It's also arguably one of the most cutting-edge takedowns we've ever seen, with British authorities announcing the seizure of Rockbit's infrastructure on the group's own leak site. The site currently contains many details about the gang's inner workings, and promises that more information will be released. To come.

Here's what we've learned so far:

LockBit didn't delete victims' data – even if victims paid for it

It has long been suspected that paying a hacker's ransom demand is a gamble, with no guarantee that stolen data will be deleted. Some corporate victims have said that they “cannot guarantee” that their data will be erased.

LockBit removal confirmed this to be absolutely the case. The NCA revealed that some of the data found on LockBit's seized systems belonged to victims who paid ransoms to threat actors. This proves that even if the ransom is paid, there is no guarantee that the data will be deleted no matter what the criminals do. ” the NCA said in a statement.

Even ransomware gangs fail to patch vulnerabilities

Yes, even ransomware gangs are slow to patch software bugs.According to the Malware Research Group vx-underground LockBitSupp, the alleged leader of Operation LockBit, said law enforcement agencies used known vulnerabilities in the popular web coding language PHP to hack into the ransomware operation's servers.

The vulnerability used to compromise the server is tracked as CVE-2023-3824, a remote execution flaw, and was patched in August 2023, with LockBit taking several steps to fix the bug. It took a month.

LockBitSupp's translated message to vx-underground reads, “The FBI fabricated a server via PHP. Backup servers without PHP are not accessible.” It was originally written in Russian.

Ransomware removal takes a long time

The dismantling of Rockvit, officially known as Operation Kronos, was years in the making, according to European law enforcement agency Europol. The agency said on Tuesday that the investigation into the notorious ransomware ring began nearly two years ago, in April 2022, at the request of French authorities.

Since then, Europol has confirmed that the European Cybercrime Center (EC3) has held more than 20 steering meetings and meetings to gain leads ahead of this week's raid, the final stage of the investigation. He said he held four one-week technical sprints.

LockBit hacked over 2,000 organizations

LockBit, which first entered the cybercrime scene in 2019, has long been known to be one of the most prolific ransomware gangs, if not the most prolific.

Tuesday's operation largely confirms that, and the U.S. Department of Justice now has the numbers to back it up. According to the Department of Justice, LockBit claimed more than 2,000 of his victims in the United States and around the world, and he received more than $120 million in ransom payments.

Sanctions targeting key LockBit members could impact other ransomware

One of the top Rockbit members indicted and sanctioned on Tuesday was Russian national Ivan Gennadyevich Kondratyev, who U.S. authorities allege is connected to other ransomware gangs. ing.

Kondratyev also has ties to REvil, RansomEXX and Avaddon, according to the US Treasury Department. While RansomEXX and his Avaddon are lesser-known variants, REvil is also a Russian-based ransomware variant that hacked US network monitoring giant Kaseya and paid a multi-million dollar ransom. became famous for

Mr. Kondratyev was also named the leader of a newly disclosed subgroup of Rockbit called the “National Dangerous Association.” Little is known about this Rockbit affiliate yet, but NCA has promised to reveal more details in the coming days.

The sanctions effectively prohibit Kondratiev's U.S.-based ransomware victims from paying the ransom he demands. Sanctions could make Mr. Kondratyev's life five times harder, given that he is involved in at least five different ransomware gangs.

British people have a good sense of humor

Some people (namely me, a British person) would argue that we already knew this, but the Rockbit sting incident showed that the British authorities have a sense of humour.

NCA didn't just mock LockBit by imitating the gang's dark web leak site for its own LockBit-related disclosures. We found various Easter eggs hidden on his LockBit site, which has now been confiscated. Our favorites are the various file names for images on the site, such as “oh dear.png,” “doesnt_look_good.png,” and “this_is_really_bad.png.”

A photo of some open Tor tabs.  It has a file name such as

Image credits: tech crunch





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Developers get prison time to disrupt the ex-employer's network with “kill switch”

August 22, 2025

Explain why hackers who exposed the North Korean government did that

August 21, 2025

Device searches at US borders hit record-breaking records, new data show

August 20, 2025

Listen and record all conversations “Always On” Harvard Dropout launches AI smart glasses

August 20, 2025

New Zero-Day startup offers $20 million for a tool that can hack your smartphone

August 20, 2025

US spy chief says the UK has removed demand for apple backdoors

August 19, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

BlueSky blocks Mississippi services across age guarantee laws

August 24, 2025

Openai warns against SPVs and other “unauthorized” investments

August 23, 2025

Amazon AGI Labs Chief defends his reverse Acquihire

August 23, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.