
Authorities Claim LockBit Admin “LockBitSupp” Has Engaged with Law Enforcement

Authorities have confirmed that LockBitSupp, the person or group behind the notorious LockBit service, has “engaged with law enforcement.” This development follows the takedown of the LockBit ransomware-as-a-service (RaaS) operation in a coordinated international operation codenamed Cronos. Over 14,000 rogue accounts on third-party services used by criminals, such as Mega, Protonmail, and Tutanota, have been shut down as part of the operation.

According to a message posted on the now-seized and offline dark site, authorities have identified the person behind the LockBitSupp persona. The message says they know where the individual lives and how much they are worth, and it reveals that the individual has engaged with law enforcement. Long-term watchers of LockBit believe this revelation is an attempt to create suspicion and sow distrust among affiliates, ultimately undermining trust in the group within the cybercrime ecosystem.

Research published by Analyst1 in August 2023 suggests that at least three different people have operated the LockBit and LockBitSupp accounts, including the gang's leader. However, LockBit told malware research group VX-Underground that they did not believe law enforcement knew their identities.

LockBit, also known as Gold Mystic and Water Selkie, has had several iterations since its inception in September 2019, including LockBit Red, LockBit Black, and LockBit Green. The cybercrime syndicate secretly developed a new version called LockBit-NG-Dev before its infrastructure was dismantled. LockBit-NG-Dev is now written in .NET and compiled using CoreRT, which allows the code to be more platform-agnostic. It has removed the self-propagating capabilities and the ability to print ransom notes via the user's printers.

One of the notable additions in LockBit-NG-Dev is a validity period. This feature ensures that the malware continues its operation only if the current date is within a specific date range, which suggests that the developers are trying to prevent the reuse of the malware and resist automated analysis.

Several logistical, technical, and reputational problems spurred work on the next-generation variant. These issues were prominently driven by a disgruntled developer's leak of the builder in September 2022 and by concerns that one of its administrators may have been replaced by agents. Additionally, the LockBit-managed accounts were banned from and XSS towards the end of January 2024 for failing to pay an initial access broker who provided them with access.

Trend Micro, a cybersecurity company, stated that LockBitSupp is likely using its reputation to carry more weight when negotiating payment for access or the share of ransom payouts with affiliates. PRODAFT, another company, has also noted that LockBit is one of the most active groups in the world and has been responsible for several high-profile attacks in recent years.


Deitasoft © 2024. All Rights Reserved.