Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Brian Cinderman's new fund has a twist, with Peter Thiel as a major supporter

July 14, 2025

Former Sequoia partner Matt Miller will raise $355 million for the new fund.

July 14, 2025

Following YouTube, Meta announces crackdowns on “non-original” Facebook content

July 14, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Following YouTube, Meta announces crackdowns on “non-original” Facebook content

    July 14, 2025

    When browser wars get hot, there are the hottest alternatives for Chrome and Safari in 2025

    July 14, 2025

    Elon Musk's Groke makes AI companions, including goth anime girls

    July 14, 2025

    Notebooklm adds featured notebooks like the Economist, Atlantic and more

    July 14, 2025

    Weekly subscriptions dominate iOS app revenue, report discovers

    July 14, 2025
  • Crypto

    Bitcoin surpasses $118K at the second highest high in 24 hours

    July 11, 2025

    Vitalik Buterin reserves for Sam Altman's global project

    June 28, 2025

    Calci will close a $185 million round as rival Polymeruk reportedly seeks $200 million

    June 25, 2025

    Stablecoin Evangelist: Katie Haun's Battle of Digital Dollars

    June 22, 2025

    Hackers steal and destroy millions of Iran's biggest crypto exchanges

    June 18, 2025
  • Security

    Episolus informs millions of people that their health data has been stolen

    July 14, 2025

    Trump administration spends $1 billion on “aggressive” hacking operations

    July 14, 2025

    It has been revealed that it has confused the winner of the 2025 audience selection

    July 14, 2025

    Elmo's X account has been hacked and publishes racist and anti-paralytic posts

    July 14, 2025

    Can “ethical” spyware makers justify offering their technology to ice?

    July 11, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Brian Cinderman's new fund has a twist, with Peter Thiel as a major supporter

    July 14, 2025

    Former Sequoia partner Matt Miller will raise $355 million for the new fund.

    July 14, 2025

    All TC stages will be on sale in Boston tomorrow, with ticket prices rising

    July 14, 2025

    Elon Musk's SpaceX may invest $2 billion in Musk's Xai

    July 13, 2025

    TC All stages will be in Boston tomorrow, prices will rise by then

    July 13, 2025
TechBrunchTechBrunch

6 things I learned from removing LockBit

TechBrunchBy TechBrunchFebruary 21, 20244 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


This week, a wide-ranging law enforcement operation led by the UK's National Crime Agency took down LockBit, the notorious Russia-linked ransomware gang that has been wreaking havoc on businesses, hospitals and governments around the world for years.

The action brought down LockBit's leaked site, seized its servers, led to multiple arrests, and led to one of the most significant operations ever undertaken by the U.S. government against the ransomware group. Sanctions have been applied.

It's also arguably one of the most cutting-edge takedowns we've ever seen, with British authorities announcing the seizure of Rockbit's infrastructure on the group's own leak site. The site currently contains many details about the gang's inner workings, and promises that more information will be released. To come.

Here's what we've learned so far:

LockBit didn't delete victims' data – even if victims paid for it

It has long been suspected that paying a hacker's ransom demand is a gamble, with no guarantee that stolen data will be deleted. Some corporate victims have said that they “cannot guarantee” that their data will be erased.

LockBit removal confirmed this to be absolutely the case. The NCA revealed that some of the data found on LockBit's seized systems belonged to victims who paid ransoms to threat actors. This proves that even if the ransom is paid, there is no guarantee that the data will be deleted no matter what the criminals do. ” the NCA said in a statement.

Even ransomware gangs fail to patch vulnerabilities

Yes, even ransomware gangs are slow to patch software bugs.According to the Malware Research Group vx-underground LockBitSupp, the alleged leader of Operation LockBit, said law enforcement agencies used known vulnerabilities in the popular web coding language PHP to hack into the ransomware operation's servers.

The vulnerability used to compromise the server is tracked as CVE-2023-3824, a remote execution flaw, and was patched in August 2023, with LockBit taking several steps to fix the bug. It took a month.

LockBitSupp's translated message to vx-underground reads, “The FBI fabricated a server via PHP. Backup servers without PHP are not accessible.” It was originally written in Russian.

Ransomware removal takes a long time

The dismantling of Rockvit, officially known as Operation Kronos, was years in the making, according to European law enforcement agency Europol. The agency said on Tuesday that the investigation into the notorious ransomware ring began nearly two years ago, in April 2022, at the request of French authorities.

Since then, Europol has confirmed that the European Cybercrime Center (EC3) has held more than 20 steering meetings and meetings to gain leads ahead of this week's raid, the final stage of the investigation. He said he held four one-week technical sprints.

LockBit hacked over 2,000 organizations

LockBit, which first entered the cybercrime scene in 2019, has long been known to be one of the most prolific ransomware gangs, if not the most prolific.

Tuesday's operation largely confirms that, and the U.S. Department of Justice now has the numbers to back it up. According to the Department of Justice, LockBit claimed more than 2,000 of his victims in the United States and around the world, and he received more than $120 million in ransom payments.

Sanctions targeting key LockBit members could impact other ransomware

One of the top Rockbit members indicted and sanctioned on Tuesday was Russian national Ivan Gennadyevich Kondratyev, who U.S. authorities allege is connected to other ransomware gangs. ing.

Kondratyev also has ties to REvil, RansomEXX and Avaddon, according to the US Treasury Department. While RansomEXX and his Avaddon are lesser-known variants, REvil is also a Russian-based ransomware variant that hacked US network monitoring giant Kaseya and paid a multi-million dollar ransom. became famous for

Mr. Kondratyev was also named the leader of a newly disclosed subgroup of Rockbit called the “National Dangerous Association.” Little is known about this Rockbit affiliate yet, but NCA has promised to reveal more details in the coming days.

The sanctions effectively prohibit Kondratiev's U.S.-based ransomware victims from paying the ransom he demands. Sanctions could make Mr. Kondratyev's life five times harder, given that he is involved in at least five different ransomware gangs.

British people have a good sense of humor

Some people (namely me, a British person) would argue that we already knew this, but the Rockbit sting incident showed that the British authorities have a sense of humour.

NCA didn't just mock LockBit by imitating the gang's dark web leak site for its own LockBit-related disclosures. We found various Easter eggs hidden on his LockBit site, which has now been confiscated. Our favorites are the various file names for images on the site, such as “oh dear.png,” “doesnt_look_good.png,” and “this_is_really_bad.png.”

A photo of some open Tor tabs.  It has a file name such as

Image credits: tech crunch





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Episolus informs millions of people that their health data has been stolen

July 14, 2025

Trump administration spends $1 billion on “aggressive” hacking operations

July 14, 2025

It has been revealed that it has confused the winner of the 2025 audience selection

July 14, 2025

Elmo's X account has been hacked and publishes racist and anti-paralytic posts

July 14, 2025

Can “ethical” spyware makers justify offering their technology to ice?

July 11, 2025

CISA confirms that hackers are actively taking advantage of the critical “Citrix Bleed 2” bug

July 11, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Brian Cinderman's new fund has a twist, with Peter Thiel as a major supporter

July 14, 2025

Former Sequoia partner Matt Miller will raise $355 million for the new fund.

July 14, 2025

Following YouTube, Meta announces crackdowns on “non-original” Facebook content

July 14, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.