What comes around goes around.
When the US and UK authorities teamed up to seize LockBit's dark web portal, the notorious ransomware gang was no longer operational, and the data leak was stopped immediately.
Recently, an international coalition of law enforcement agencies resurrected the dead site to troll the infamous cybercriminals. Some posts have tantalizing titles such as "Who is LockBitSupp?", "What have we learnt?" and "More LB hackers exposed," indicating that new information is imminent.
Operation Cronos Strikes Back
(Photo : Erik Mclean from Unsplash) Police agencies were able to revive the long-dead dark web portal of the LockBit ransomware gang, trolling the cybercriminals with a different twist this time.
Earlier in February, a formidable alliance of international forces, including the UK's National Crime Agency and the US Federal Bureau of Investigation, alongside teams from Germany, Finland, France, Japan, and more, successfully infiltrated and seized LockBit's official darknet presence.
The operation, dubbed "Operation Cronos," not only disrupted the group's activities but also led to the arrests of two alleged members in Ukraine and Poland, dismantling 34 servers, and the seizure of over 200 cryptocurrency wallets linked to the gang.
Despite requests for comments, the NCA and FBI have remained tight-lipped about the ongoing investigations.
Related Article: US Imposes Sanctions on 2 Lockbit Ransomware Gang Members After Its Website Taken Down
How Dangerous is LockBit
Since its emergence in 2019, LockBit has rapidly climbed the ranks to become one of the most formidable ransomware syndicates globally, amassing millions in ransom payments.
Undeterred by the setback, LockBit demonstrated its resilience, bouncing back swiftly after February's takedown with a new leak site on the dark web. The group continues to post updates and claim new victims, underscoring the persistent and evolving nature of cyber threats.
In Q1 2024, LockBit joined Black Basta as the most dominating ransomware in Q1 2024.
Countdown to Disclosure
According to TechCrunch, the latest updates on the reactivated LockBit site are accompanied by a countdown scheduled to conclude at 9 a.m. Eastern Time on Tuesday, May 7. This timer suggests when law enforcement will unveil their latest findings and actions against the LockBit operators. Additionally, a post indicated that the site would be permanently shut down in four days, adding a layer of urgency to the unfolding drama.
Skepticism and Controversy
Despite the official narrative of significant inroads made into dismantling LockBit, skepticism remains. The group's alleged leader, LockBitSupp, has dismissed law enforcement claims as overstated in a recent interview. Moreover, the hacking collective vx-underground reported conversations with LockBit's administrative staff, who accused the police of fabricating their success, evidenced by their continued operations. This skepticism and controversy highlight the challenges faced by law enforcement in combating cybercrime and the need for continued efforts and vigilance.
"I don't understand why they're putting on this little show. They're clearly upset we continue to work," a staff member expressed, hinting at the ongoing tension between cybercriminals and authorities.
Unmasking LockBitSupp?
Amidst the hot-and-cold controversies and strategic moves by law enforcement, one of the posts on the seized LockBit site has vowed to unveil LockBitSupp's identity on the looming deadline. This promise echoes previous unfulfilled assurances, leaving the cybersecurity community and affected stakeholders in suspense over the potential major reveal.
Read Also: LockBit Ransomware Gang Leaks 43 GB of Files After Boeing Failed to Pay Ransom
