Today sees an update about the ongoing LockBit saga.
Readers of my posts over the last year will know that I have written many times about the antics of this threat actor, and some of the devastating attacks they have been responsible for. My last post concerning them was the news everyone was waiting for – their takedown.
This news came back in February, and at the time, the UK’s National Crime Agency played a brilliant game by not only taking down the entire LockBit operation, but managed to compromise their databases recovering a wealth of data, decryption keys, and much more – but the pièce de résistance was the mimicry of the LockBit leak site where they exposed the operation and threatened more activity in the coming months.
Shorty after the takedown, LockBit went on a bit of a rant about how law enforcement would never catch them, and that they wouldn’t keep them from continuing their activity – and very quickly, a new LockBit site was launched.
However, all was not as it seemed – LockBit started to post “new” victims, which the Internet quickly pointed out that these were victims that had been posted by LockBit many months before – a move that made LockBit look very foolish, and lost them a serious amount of credibility – it was obvious they were in panic mode and trying to big-up their capabilities.
Takedown 2
Well, it now transpires that the NCA and their partners appeared to have more up their sleeves – yesterday the lockBit site was resurrected, as seen below:
The Cronos task force – the team behind the LockBit operation have once again mimicked the Lockbit site with “leak” news – This time hinting that new updates will be forthcoming tomorrow (7th May). It’s a bank holiday in the UK today, so no activity will happen today – plus the weather is nice, so the NCA will be like the rest of the UK – out enjoying a BBQ!
I’ll be keeping an eye out for this breaking news and following up with another post in the ongoing LockBit saga.
