Jollier
LockBit is the largest hacker organization dealing in ransomware. These are hackers who are not interested in "how to hack an account" or "how to hack a person", but who hand all the work to others and reap the benefits. Who the Russian hackers behind LockBit are, how they earned more than 500 million dollars, what their code of conduct is, why they attack hospitals, how their malware works, and much more.
Have you ever encountered a "letter of happiness"? If so, then you most likely know that it comes from criminals extorting money. However, that is the childish, everyday level, which was most often solved by simply reinstalling Windows while saving all the files. Much more serious are the cases that make very serious people nervous, when hackers from the LockBit group take on the matter. At the moment, this is the largest organization for extorting money on the network.
They have already received more than 500 million dollars in the course of blackmailing large companies and tens of thousands of victims. And the other day the results of the investigation were released, during which the identity of the leader of the LockBit organization was revealed. So today, what is LockBit and how was one person able to force the best of the worst to work for him, having assembled the largest group of hackers on the Darknet? Why do they attack hospitals? Why do they not work in the CIS?
And most importantly, how did the special services manage to unmask the leader of the group, who is he, and why are 10 million dollars offered for his head? Listen carefully, it will be interesting. For several years now, LockBit has been the largest cyber group in the world. It has attacked thousands of organizations and people around the world, hacking their computers, encrypting personal data and demanding ransom.
Mostly, LockBit's victims are not ordinary citizens, but large companies and government organizations. The most interesting thing here is that the group did not even have to do all of this itself. LockBit was able to automate the process and outsource everything, which helped it overtake all competing groups, and it became so successful that this played a cruel joke on it. But let's go back a little, namely to 2019, to the times when their ransomware was called ABCD.
The name came from the extension that LockBit assigned to encrypted files, .abcd. Then in 2020, the first software called LockBit was released. Despite its functionality, the program did not gain popularity among hackers, and few people knew about the organization. But in 2021, a new version of the ransomware, LockBit 2.0, was released, and it spread across the Darknet like a viral video on TikTok.
Since then, the group's malware has been constantly updated and improved. But how exactly does their program work? Most often, the malware gets onto the victim's server or computer through good old-fashioned social engineering, where the attacker pretends to be a trusted person and asks the victim for their system passwords or simply sends a phishing link. Attackers can also gain access by brute-forcing passwords.
With sufficient computing power, or if the victim's network is improperly configured, it can take hackers just a few days to infiltrate it, sometimes even less. Once a system is infected, LockBit's malware begins to operate autonomously. It is programmed to use so-called post-exploitation tools that escalate privileges to the level of access needed for a successful attack, and it also uses access already gained through lateral movement to assess how promising the victim is as a target.
It is at this stage that LockBit performs all the preparatory actions before encryption begins, in particular disabling protection and other infrastructure elements that would allow the system to be restored. The purpose of the infiltration is to make it impossible, or very slow, for the victim to restore their systems on their own, in order to motivate the victim to pay the ransom. Usually, an organization is ready to make a deal with the attackers once it has despaired of returning to normal work on its own.
As soon as LockBit has finished preparing, the ransomware begins to spread to all the machines it can reach. As already mentioned, LockBit does not need much to complete this stage. One element of the system with a high level of access can command other elements to download and run LockBit. After that, all files on the system are encrypted. The victim can access them only with an individual key generated by LockBit's own decryptor. During the encryption process, a plain text file with ransom information is placed in each folder of the system.
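From the defender's side, the encryption stage described above leaves two loud traces in file-system telemetry: many files gaining the same new extension, and the same text file appearing in folder after folder. The sketch below is an added example, not part of the original post and not code from any vendor; the event format, the thresholds, the host names and the note name README-RECOVER.txt are constructed for illustration, and only the .abcd extension comes from the text.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class FsEvent:
    """One file-system event (hypothetical, simplified telemetry record)."""
    ts: float            # event time in seconds
    host: str
    action: str          # "create" or "rename"
    path: str            # resulting path
    old_path: str = ""   # previous path, for renames only


def peak_in_window(items, window):
    """items: list of (ts, key). Return the largest number of distinct keys
    observed inside any sliding window of `window` seconds."""
    items = sorted(items)
    live, best, left = Counter(), 0, 0
    for ts, key in items:
        live[key] += 1
        # Evict events that have fallen out of the window.
        while ts - items[left][0] > window:
            old = items[left][1]
            live[old] -= 1
            if live[old] == 0:
                del live[old]
            left += 1
        best = max(best, len(live))
    return best


def detect_encryption_stage(events, window=60.0, min_dirs=5, min_files=10):
    """Return sorted findings (host, kind, indicator, peak count)."""
    notes = defaultdict(list)    # (host, note name) -> [(ts, directory)]
    renames = defaultdict(list)  # (host, new extension) -> [(ts, old file)]
    for ev in events:
        new = PureWindowsPath(ev.path)
        if ev.action == "create" and new.suffix.lower() == ".txt":
            key = (ev.host, new.name.lower())
            notes[key].append((ev.ts, str(new.parent).lower()))
        elif ev.action == "rename" and ev.old_path:
            old = PureWindowsPath(ev.old_path)
            if new.suffix and new.suffix.lower() != old.suffix.lower():
                key = (ev.host, new.suffix.lower())
                renames[key].append((ev.ts, str(old).lower()))

    findings = []
    # Same text file dropped into many different folders in a short time.
    for (host, name), items in notes.items():
        peak = peak_in_window(items, window)
        if peak >= min_dirs:
            findings.append((host, "note_fanout", name, peak))
    # Many different files renamed to one new extension in a short time.
    for (host, ext), items in renames.items():
        peak = peak_in_window(items, window)
        if peak >= min_files:
            findings.append((host, "mass_extension_change", ext, peak))
    return sorted(findings)


def sample_events():
    """Constructed telemetry: FS01 shows the pattern, WS02 is ordinary use."""
    events, t = [], 1000.0
    for d in range(6):
        folder = f"D:\\shares\\dept{d}"
        for f in range(2):
            src = f"{folder}\\report{f}.xlsx"
            events.append(FsEvent(t, "FS01", "rename", src + ".abcd", src))
            t += 1.0
        events.append(FsEvent(t, "FS01", "create", f"{folder}\\README-RECOVER.txt"))
        t += 1.0
    events.append(FsEvent(1005.0, "WS02", "create", "C:\\Tools\\app\\readme.txt"))
    events.append(FsEvent(1010.0, "WS02", "create", "C:\\Tools\\lib\\readme.txt"))
    events.append(FsEvent(1020.0, "WS02", "rename",
                          "C:\\Users\\a\\draft.docx", "C:\\Users\\a\\draft.tmp"))
    return events


if __name__ == "__main__":
    for finding in detect_encryption_stage(sample_events()):
        print(finding)
```

Keying on the behaviour rather than on a fixed extension or note name matters because both change between versions; the thresholds need tuning against backup jobs and installers that also touch many folders.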
The ransom notes contain instructions on how to restore the system, and in some versions of LockBit there are also blackmail threats. After all three stages have been completed, the next steps depend on the victim. The victim can contact LockBit support and pay the ransom. Of course, no one can guarantee that your data will be returned to you. And this is despite the fact that LockBit has its own code of conduct, which, by the way, changes from time to time.
For example, they claim that they do not work in the CIS countries, most likely because most of the group is based there. They claim that they only target large corporations and government agencies, since they are motivated only financially and not politically. They also claim that if you comply with their conditions, they undertake to fulfill their side. For them, reputation is above all. Most of these points have already been violated, but why? By answering this question, we will get an answer to another one.
How did they manage to become so popular all over the world? Here, as promised, is why LockBit was able to achieve such popularity and how it played a cruel joke on them.
Already in 2022, the virus became the most widespread malware in the world. The main reason for this is the hackers' business model, the so-called Ransomware as a Service (RaaS). A person who wanted to distribute ransomware bought an access panel, instructions and the latest versions of the malware from the LockBit administrators, and in the event of a successful attack paid a percentage of the ransom to the administrators. In the case of LockBit, the administration took up to 20% of the ransom received from the victim.
It was assumed that if the victim paid the ransom, their data would be completely deleted from LockBit's servers. But as a result of Operation Cronos, which we will talk about a little later, it turned out that this is not the case. As the director of the UK's National Crime Agency reported at a press conference following the operation, even data from companies that paid the ransom was found on the group's servers.
Yes, a code is a code, but criminals, like the police, should never be trusted. The second reason is their PR campaigns. Yes, you heard right, this is not a standard group that seeks to remain in the shadows. On the contrary, they put a lot of effort into popularizing their brand. Almost like Anonymous, but you can't exactly call them hacktivists, because profit is the most important thing here. For example, one of these PR campaigns was an offer to get a tattoo with their logo for thousands of dollars.
And this, as you can see, was in demand. Another campaign, which was a great success not only among Darknet hackers but among strong programmers all over the world, was an offer to hack their site and find vulnerabilities. For each vulnerability, they were ready to pay up to one million dollars. And the last and perhaps most important reason for their popularity is the well-known companies they have attacked, news of which has come out of the Darknet and into the public eye, in magazines and newspapers, on television, and in major online news outlets around the world.
For example, Boeing data was stolen. The company itself confirmed this, adding that the hack did not affect flight safety in any way, and refused to pay the ransom. As a result, LockBit published about 50 gigabytes of information on its Darknet site. Much of this data is backups of various Boeing systems, the latest of which is dated October 22, 2023, as well as logs of monitoring and auditing tools.
In 2024, Bank of America notified customers that one of its suppliers had been hacked the previous year, resulting in the theft of personal information. Personal information of customers was leaked, including names, addresses, Social Security numbers, dates of birth, and financial data, including account and bank card numbers.
Also worth noting among commercial organizations are the attacks on and blackmail of the well-known Subway, where hundreds of gigabytes of data were stolen, and TSMC, the world's largest contract chipmaker. In the same 2023, LockBit hacked Maximum Industries, a company that produces parts for SpaceX, and stole 3,000 proprietary drawings created by Elon Musk's engineers.
According to the US Department of Justice, those affected by LockBit include the British healthcare provider Advanced, the consulting firm Accenture, the international industrial company Thales Group, the German tire and automotive electronics manufacturer Continental, and many others. But what about non-profit organizations? Here, everything is not as smooth as the code of conduct says. One of the most famous and dirty attacks was carried out back in 2022, when on December 19 the Toronto-based children's hospital SickKids reported a cyberattack that led to a failure in the hospital's internal systems.
Moreover, the incident also affected the telephone lines and individual web pages of the medical institution. SickKids acknowledged that children and their parents faced delays in diagnosis and, accordingly, treatment. LockBit responded with a statement: "We apologize for this episode and are giving away the decoder for free. The partner who attacked the hospital violated our rules, after which we blocked him. He will no longer participate in our program." But already at the end of 2023, LockBit attacked the KHO network of German hospitals.
The cyberattack affected three hospitals that are part of the KHO network. It is important to note that each of them plays a key role in providing medical services in their region. Therefore, an attack on their IT systems can have serious consequences for people in a critical situation. Ambulance services in these hospitals were also disabled, which could lead to critical delays in the provision of emergency medical care.
Already in 2024, the American St. Anthony Hospital was attacked with a demand to pay 900 thousand dollars within two days. In total, according to analysts, in 2023 alone, LockBit attacked almost 70 hospitals around the world. Well, the code does not really work when it comes to big money. But not only medical institutions and large companies were hit by the organization.
For example, in 2023, the Canadian government reported that two of its contractors were hacked at once, and as a result, confidential information in the amount of one and a half terabytes belonging to an unknown number of government employees, dating back to 1999, was disclosed. Their victims also included the Royal Mail of Great Britain, the small town of St. Mary's in Ontario, and even the pension fund of civil servants in South Africa, where the attack complicated the organization's work and disrupted pension payments. As you can see, there is no hint of Robin Hood here.
We are left with the main question: who is behind all this? As you understand, such activity could not go unnoticed by law enforcement agencies. Thus, the authorities of many countries, such as England, the USA, Australia, Canada, Germany and many others, united to identify the organizers of LockBit. And already in 2022, this yielded the first results. The US Department of Justice reported the arrest in Canada of 33-year-old Russian Mikhail Vasiliev. Although he was not the founding father of the organization, he was nevertheless one of the main extortion operators in the structure at that time.
He received only 4 years in prison. The authorities expected that the group's activities would cease at least for a while, but, as with the mythical hydra, two heads grew in place of the one cut off, and the organization continued to gain momentum and popularity. Then two more members of the group from Russia were detained, Mikhail Matveyev and 20-year-old Ruslan Astamirov from Chechnya. This again gave no results. And then the FBI and law enforcement agencies of different countries created Operation Cronos, which was headed by US law enforcement.
It was aimed at hacking the LockBit website and identifying the founder, known under the nicknames LockBitSupp and putinkrab. And only at the beginning of 2024 did this give the first results. As a result of the operation, which lasted several months, the main LockBit platform and other critical infrastructure that supported the activities of this criminal organization were compromised. During the operation, 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the USA and the UK were seized.
During the operation, more than 14,000 accounts associated with data exfiltration or with the group's infrastructure were identified. LockBit used them to host various tools and software used in the attacks, as well as to store files stolen from companies. Data on these accounts has now been handed over to law enforcement agencies. Some of the data on LockBit's systems belonged to victims who had paid the ransom to the attackers.
This shows that even if the ransom is paid, there is no guarantee that the data will actually be deleted, despite the promises of the criminals. Two suspects from Ukraine and Poland have already been arrested at the request of the French authorities; their names have not yet been released. According to LockBitSupp, the outage on LockBit's systems occurred when the group was preparing to release confidential information stolen during a devastating attack on government systems in Fulton County, Georgia.
Interestingly, Fulton County restored its systems, but county official Rob Pitts told the press a few hours after the takeover of LockBit's infrastructure that the county had not paid the ransom. The LockBit gang claimed that the information stolen from Fulton County included documents related to cases against Donald Trump that could have affected the upcoming US election if the leak had been disclosed.
It was possible to hack into LockBit's servers and extract all the information because of the carelessness of the management. According to the founder, he simply went on a bender and forgot to update his PHP version. Yes, a reckless and careless attitude to computer security is a problem both for the companies that fall victim to ransomware attacks and for those who attack them.
Well, the most interesting thing learned during this operation is that behind the nickname LockBitSupp, under which he spoke on forums as the head of the ransomware ecosystem, is Dmitry Khoroshev, a citizen of Russia. It was also reported that Dmitry drives a black Mercedes, and that he personally mentioned this on the forum. According to preliminary information, Khoroshev received 20% of each ransom received from victims, and the group itself earned more than 500 million dollars over these years. Law enforcement agencies found that Khoroshev stored the stolen data of victims even after the group falsely promised to delete the information upon receipt of payment.
Khoroshev has been charged with 26 counts related to fraud, extortion, and causing damage to a protected computer. He faces up to 180 years in prison. The US Department of Justice has also announced a reward of 10 million dollars for any information that will help with the arrest of Dmitry. But that's not all. On May 10, 2024, the LockBit admin, nicknamed LockBitSupp, stated in an interview for the Click Here program that he is not the person recently de-anonymized by the US Department of Justice.
LockBitSupp claims that the FBI fabricated a case against an innocent person. He expressed regret over the possible fate of Dmitry Khoroshev: "The FBI is bluffing, I am not Dmitry, I feel sorry for the real Dmitry. He will pay for my sins." Despite the earlier seizure of the group's servers and infrastructure by international law enforcement agencies in February of this year, LockBitSupp claims that the group's activity has not decreased, and that the seasonal decrease in hacks in the spring is a common occurrence.
The LockBit admin emphasized that pressure from law enforcement agencies only motivates him and the group to work harder. He also announced a goal for the coming year: to attack a million companies. He expressed hope for the emergence of worthy competitors in the field of malware development, criticizing current competitors for an insufficient level of skill.
At the end of the interview, LockBitSupp explained that other hackers have the opportunity to get rich with him, emphasizing that the FBI and other law enforcement agencies lie and think only about their careers, not caring about the fate of innocent people. This is a story worthy of a Netflix and HBO adaptation. And my advice to you is not to neglect the security of your data and not to open links from unknown e-mails. In general, keep your head cool, and passwords on a piece of paper.
That's all, read quality content and stay away from crime, and I'm leaving, leaving in style.
Have you ever encountered a letter of happiness? If so, then you most likely know that these are criminals extorting money. However, this is a childish everyday level, which was most often solved by simply reinstalling Windows while saving all the files. Much more serious are the cases that make very serious uncles nervous when hackers from the LockBit group take on the matter. At the moment, this is the largest organization for extorting money on the network.
They have already received more than 500 million dollars in the course of blackmailing large companies and tens of thousands of victims. And the other day the results of the investigation were released, during which the identity of the leader of the LockBit organization was revealed. So today, what is LockBit and how was one person able to force the best of the worst to work for him, having assembled the largest group of hackers on the Darknet? Why do they attack hospitals? Why do they not work in the CIS?
And most importantly, how did the special services manage to reveal the leader of the group, who he is and why 10 million dollars are offered for his head. Listen carefully, it will be interesting. For several years now, LockBit has been the largest cyber group in the world. It has attacked thousands of organizations and people around the world, hacking their computers, encrypting personal data and demanding ransom.
Mostly, LockBit's victims are not ordinary citizens, but large companies and government organizations. The most interesting thing here is that they did not even have to do all this to do it. LockBit was able to automate the process and outsource everything, which helped them overtake all competing groups, and they became so successful that it played a cruel joke on them. But let's go back a little, namely to 2019, to the times when their ransomware was called ABCD.
This name was taken because of the extension that LockBit assigned to encrypted files .Abcd. Then in 2020, the first software called LockBit was released. Despite its functionality, the program did not gain popularity among hackers, and few people knew about the organization. But in 2021, a new version of the ransomware program LockBit 2.0 was released, which scattered throughout the Darknet like a viral video on TikTok.
Since then, the group’s malware has been constantly updated and improved. But how exactly does their program work? Most often, the malware gets onto the victim’s server or computer using good old-fashioned social engineering, where the attacker pretends to be a trusted person and asks the victim for their system passwords or simply sends a phishing link. They can also gain access by brute-forcing passwords.
With sufficient power, or if the victim’s network is improperly configured, it can take hackers just a few days to infiltrate it, sometimes even less. Once a system is infected, Lockbit’s malware begins to operate autonomously. It is programmed to use so-called post-exploitation tools that allow it to escalate privileges to gain the level of access needed to successfully attack, and also use access already opened during movement to gather information about the victim’s prospects.
It is at this stage that LockBit performs all the preparatory actions before encryption begins, in particular, disabling protection and other infrastructure elements that can allow the system to be restored. The purpose of the implementation is to make it impossible or very long for the victim to restore their systems on their own, in order to motivate the victim to pay the ransom. Usually, an organization is ready to make a deal with the attackers when it has already despaired of returning to normal work on its own.
As soon as LockBit has finished preparing, the ransomware begins to spread to all the machines it can reach. As already mentioned, LockBit does not need much to complete this stage. One element of the system with a high level of access can give the command to other elements to download and run LockBit. After that, all files of the system will be encrypted. The victim can access them only with an individual key generated by Lockbit's own decryptor. During the encryption process, a plain text file with ransom information is placed in each folder of the system.
Such files contain instructions on how to restore the system, and in some versions of Lockbit there are also blackmail threats. After all three stages have been completed, the next steps depend on the victim. The victim can contact Lockbit support and pay the ransom. Of course, no one can guarantee that your data will be returned to you. And this is despite the fact that Lockbit has its own code, which, by the way, changes from time to time.
For example, they claim that they do not work in the CIS countries. Most likely, this is because most of the group is based there, that they only target large corporations and government agencies, since they are motivated only financially and not politically. They also claim that if you comply with the conditions, they undertake to fulfill them on their part. For them, reputation is above all. Most of these points have already been violated, but why? By answering this question, we will get an answer to another one.
How did they manage to become so popular all over the world? But before answering them, remember the video about the arrest of the owner of Alpha Bay? It's funny that he would still be alive and at large if he had the ability to instantly turn off or destroy the system in an emergency. How can this be done with D2W OS? And that's not all. The ability to connect anonymity chains, rather than turn them on and configure them separately. Additional profiles for Telegram, working through the Tor network.
Prepared browsers for anonymous surfing. Change your MAC address in one click or set up automatic change. Analysis of cryptocurrency rates and the ability to conveniently monitor your wallet balance and transactions. 24/7 technical support, open source code and readiness for audit. And also manage your anonymity and security with one program. Dashboard. And now, as promised, why LockBit was able to achieve such popularity and how it played a cruel joke on them.
Already in 2022, the virus became the most widespread malware in the world. The main reason for this is the hackers' business model, the so-called ransomware as a service, Ransomware as a Service 1. A person who wanted to distribute ransomware viruses bought from LockBit administrators, an access panel, instructions and the latest versions of viruses, and in the event of a successful attack, paid a percentage of the ransom to the administrators. In the case of LockBit, the administration took up to 20% of the ransom received from the victim.
It was assumed that if the victim paid the ransom, their data would be completely deleted from LockBit's servers. But as a result of Operation Kronos, which we will talk about a little later, it turned out that this is not the case. As the director of the UK's National Crime Agency reported at a press conference following the operation, even data from companies that paid the ransom was found on the group's servers.
Yes, yes, a code of codes, and criminals, like the police, should never be trusted. The second reason is their PR campaigns. Yes, you heard right, this is not a standard group that seeks to remain in the shadows. No, most likely, on the contrary, they put a lot of effort into popularizing their brand. Almost like Anonymous, but you can’t exactly call them hacktivists, because profit is the most important thing here. For example, one of these PR campaigns was an offer to get a tattoo with their logo for thousands of dollars.
And this, as you can see, was in demand. Another company that brought great success not only among Darknet hackers, but also all the strong programmers in the world, was an offer to hack their site and find vulnerabilities. For each vulnerability, they were ready to pay up to one million dollars. And the last and perhaps most important reason for their popularity is that they are familiar companies that have been attacked, news of which has come out of the Darknet and into the public eye, in magazines and newspapers, on television, and in huge online news bulletins around the world.
For example, Boeing data was stolen. The company itself confirmed this, adding that the hack did not affect flight safety in any way and therefore refused to pay the ransom. As a result, Logbit published about 50 gigabytes of information on its Darknet site. Much of this data is backups of various Boeing systems, the latest of which is dated October 22, 2023, as well as logs of monitoring and auditing tools.
In 2024, Bank of America notifies customers that one of its suppliers was hacked last year, resulting in the theft of personal information. Personal information of customers was leaked, including names, addresses, Social Security numbers, dates of birth, and financial data, including account and bank card numbers.
Also worth noting among commercial organizations are the attacks and blackmail of such organizations as the well-known Subway, where hundreds of gigabytes of data from TSMC, the world's largest contract chipmaker, were stolen. In the same 2023, LockBit hacked Maximum Industries, a company that produces parts for SpaceX, and stole 3,000 proprietary drawings created by Elon Musk's engineers.
According to the US Department of Justice, those affected by LockBit include the British healthcare provider Advanced, the consulting firm Accenture, the international industrial company Tels Group, the German tire and automotive electronics manufacturer Continental, and many others. But what about non-profit organizations? And here, everything is not as smooth as the code says. One of the most famous and dirty attacks was carried out back in 2022, when on December 19, the Toronto-based children's hospital SicKids reported a cyberattack that led to a failure in the hospital's internal systems.
Moreover, the incident also affected the telephone lines and individual web pages of the medical institution. SicKids acknowledged that children and their parents are faced with delays in diagnosis and, accordingly, treatment. We apologize for this episode and are giving away the decoder for free. The partner who attacked the hospital violated our rules, after which we blocked him. He will no longer participate in our program. But already at the end of 2023, Lockbit attacked the KHO network of German hospitals.
The cyberattack affected three hospitals that are part of the KHO network. It is important to note that each of them plays a key role in providing medical services in their region. Therefore, an attack on their IT systems can have serious consequences for people in a critical situation. Ambulance services in these hospitals were also disabled, which could lead to critical delays in the provision of emergency medical care.
Already in 2024, the American St. Anthony Hospital was attacked with a demand to pay 900 thousand dollars within two days. In total, according to analysts, in 2023 alone, LockBit attacked almost 70 hospitals around the world. Well, the code does not really work when it comes to big money. But not only medical institutions and large companies were hit by the organization.
For example, in 2023, the Canadian government reported that two of its contractors were hacked at once, and as a result, confidential information in the amount of one and a half terabytes belonging to an unknown number of government employees, dating back to 1999, was disclosed. Their victims also included the Royal Mail of Great Britain, the small town of St. Mary's in Antario, and even the pension fund of civil servants in South Africa, which complicated the organization's work and led to a violation of pension payments. As you can see, there is no hint of Robin Hood here.
We are left with the main question - who is behind all this? As you understand, such activity could not go unnoticed by law enforcement agencies. Thus, the authorities of many countries, such as England, the USA, Australia, Canada, Germany and many others united to identify the organizers of Lockbit. And already in 2022, this yielded the first results. The US Department of Justice reported the arrest in Canada of 33-year-old Russian Mikhail Vasiliev. Although he was not the founding father of the organization, he was nevertheless one of the main extortion operators in the structure at that time.
He received only 4 years in prison. Well, the authorities expected that the company's activities would cease at least for a while, but, as in the case of the mythical hydra, two heads grow in place of the cut off head, and the organization continued to gain momentum and popularity. Then two more members of the group from Russia were detained - Mikhail Matveyev and 20-year-old Ruslan Astamirov from Chechnya. This again does not give results. And then the FBI and law enforcement agencies of different countries create the Kronos program, which was headed by US law enforcement.
It targeted the LockBit website and the founder known under the nicknames LockBitSupp and putinkrab. And only at the beginning of 2024 did this give the first results. As a result of the operation, which lasted several months, the main LockBit platform and other critical infrastructure that supported the activities of this criminal organization were compromised. During the operation, 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the USA and the UK were seized.
During the operation, more than 14,000 accounts associated with the theft of information or with the group's infrastructure were identified. LockBit used them to host various tools and software used in the attacks, as well as to store files stolen from companies. Data on these accounts has now been handed over to law enforcement agencies. Some of the data on LockBit's systems belonged to victims who had paid the ransom to the attackers.
This shows that paying the ransom does not guarantee that the data will actually be deleted, despite the promises of the criminals. Two suspects from Ukraine and Poland have already been arrested at the request of the French authorities; their names have not yet been released. According to LockBitSupp, the outage on LockBit's systems occurred when the group was preparing to release confidential information stolen during a devastating attack on government systems in Fulton County, Georgia.
Interestingly, Fulton County restored its systems, but county official Rob Pitts told the press a few hours after the takeover of LockBit's infrastructure that the county had not paid the ransom. The LockBit gang claimed that the information stolen from Fulton County included documents related to cases against Donald Trump that could have affected the upcoming US election if the leak had been disclosed.
It was possible to hack into LockBit's servers and extract all the information due to the carelessness of the management. According to the founder, he simply went on a bender and forgot to update his PHP version. Yes, a reckless and careless attitude to computer security is a problem both for the companies that fall victim to ransomware attacks and for those who attack them.
Well, the most interesting thing that was learned during this operation is that Dmitry Khoroshev, a citizen of Russia, is behind the nickname LockBitSupp, under which he spoke on forums as the head of the ransomware ecosystem. It was also reported that Dmitry drives a black Mercedes, and he personally reported this on the forum. According to preliminary information, Khoroshev received 20% of each ransom received from victims, and the group itself earned more than 500 million dollars over these years. Law enforcement agencies found that Khoroshev stored the stolen data of victims even after the group falsely promised to delete the information upon receipt of payment.
Khoroshev has been charged with 26 counts related to fraud, extortion, and causing damage to a protected computer. He faces up to 180 years in prison. The US Department of Justice has also announced a reward of 10 million dollars for any information that will help with the arrest of Dmitry. But that's not all. On May 10, 2024, the LockBit admin, nicknamed LockBitSupp, stated in an interview for the Click Here program that he is not the person recently de-anonymized by the US Department of Justice.
LockBitSupp claims that the FBI fabricated a case against an innocent person. He expressed regret over the possible fate of Dmitry Khoroshev: "The FBI is bluffing, I am not Dmitry, I feel sorry for the real Dmitry. He will pay for my sins." Despite the earlier seizure of the group's servers and infrastructure by international law enforcement agencies in February of this year, LockBitSupp claims that the group's activity has not decreased, and that the seasonal decrease in hacks in the spring is a common occurrence.
The LockBit admin emphasized that pressure from law enforcement agencies only motivates him and the group to work harder. He also announced goals for the coming year - to attack a million companies. He expressed hope for the emergence of worthy competitors in the field of malware development, criticizing current competitors for an insufficient level of skill.
At the end of the interview, LockBitSupp explained that other hackers have the opportunity to get rich with him, emphasizing that the FBI and other law enforcement agencies lie and think only about their careers, not caring about the fate of innocent people. This is a story worthy of a Netflix and HBO adaptation. And my advice to you is not to neglect the security of your data and not to open links from unknown e-mails. In general, keep your head cool, and passwords on a piece of paper.
That's all, read quality content and stay away from crime, and I'm leaving, leaving in style.