LockBit registered nearly 200 “affiliates” over the past two years

More information about the business operations of the LockBit ransomware gang have emerged, a day after the UK National Crime Agency (NCA) and partners were able to apparently disrupt the group and deface its leak site.

According to The Register, the NCA found 187 groups and individuals registered inside the LockBit affiliate portal. LockBit operated on a Ransomware-as-a-Service (RaaS) model, in which various groups signed up and used the encryptor and the infrastructure, in exchange for a cut of the profits (the ransom payment, essentially).

The law enforcement says the affiliates registered between January 31, 2022, and February 5, 2024. 

“Have a nice day”

“Hello [user name], Law Enforcement has taken control of LockBit’s platform and obtained all the information held on there. This information relates to the LockBit group and you, their affiliate,” the NCA said in a message left on the affiliate portal, following defacement. “We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more. You can thank Lockbitsupp and their flawed infrastructure for this situation… we may be in touch with you very soon.”

 “If you would like to contact us directly, please get in touch. Have a nice day.” 

LockBit is a Russia-based ransomware group that was considered one of the biggest threats – if not the biggest threat – in the ransomware industry. Given the location, arrests are highly unlikely, but the NCA, together with the FBI and a host of other law enforcement agencies, managed to infiltrate LockBit’s infrastructure and take it down. Whether or not LockBit returns in one form or another remains to be seen. However, with law enforcement turning their attention towards the affiliates, it’s possible that the ransomware industry will change forever.

“A large amount of data has been exfiltrated from LockBit’s platform before it was all corrupted,” a notice now stands on the LockBit website. “With this data, the NCA and partners will be coordinating further enquiries to identify the hackers who pay to be a LockBit affiliate. Some basic details published here for the first time.”

Ciaran Martin, the former head of the UK’s National Cyber Security Centre told the BBC that this was “one of the most consequential disruptions ever undertaken” against a ransomware operator. “Certainly by far the biggest ever led by British police.”

More from TechRadar Pro

Source link


gaitQ and machineMD secure million dollar research grant to monitor Parkinson’s development in UK and Switzerland

Oxford-based medical technology start-up gaitQ and Swiss medical device company machineMD have announced the joint award of a million dollar research grant from Innovate UK and Innosuisse to enable the collection and analysis of critical movement data from people with Parkinson’s (PwP). The grant will fund an 18-month research project that will record movement data […]

Read More

Take-Two plans to lay off 5 percent of its employees by the end of 2024

Take-Two Interactive plans to lay off 5 percent of its workforce, or about 600 employees, by the end of the year, as reported in an SEC filing Tuesday. The studio is also canceling several in-development projects. These moves are expected to cost $160 million to $200 million to implement, and should result in $165 million […]

Read More

10 tips to avoid planting AI timebombs in your organization

At the recent HIMSS Global Health Conference & Exhibition in Orlando, I delivered a talk focused on protecting against some of the pitfalls of artificial intelligence in healthcare. The objective was to encourage healthcare professionals to think deeply about the realities of AI transformation, while providing them with real-world examples of how to proceed safely […]

Read More