Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

OpenAI bets on families as ChatGPT goes deeper into households

A new app, HyperTexting, turns the open web into a social media scrolling-like stream

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    OpenAI bets on families as ChatGPT goes deeper into households

    11 July 2026

    Meta removes controversial AI feature on Instagram after backlash

    11 July 2026

    OpenAI launches its new family of models with GPT-5.6

    10 July 2026

    Fidji Simo resigns from the no. 2 role

    10 July 2026

    Nvidia is a victim of the PC market it created

    9 July 2026
  • Apps

    A new app, HyperTexting, turns the open web into a social media scrolling-like stream

    11 July 2026

    Apple is suing OpenAI for alleged trade secret theft

    11 July 2026

    EU threatens Meta with fines for addictive features on Facebook and Instagram

    10 July 2026

    Instagram users: Here’s how to stop Meta’s AI from using your photos

    10 July 2026

    Anthropic’s new Claude ability quietly sells you on the AI

    9 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026

    Elon Musk praises Mythos/Fable, promises not to ‘cut’ Anthropic

    10 July 2026

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026
  • Media & Entertainment

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026
  • Security

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026
  • Startups

    Former OpenAI executive Kevin Weil is now on Stoke Space’s board

    11 July 2026

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026

    These AI startups are growing revenue at an ever-faster pace

    10 July 2026

    Popular Open Source AI Developer Tool Ollama Raises $65M, Grows to Nearly 9M Users

    9 July 2026
  • Transportation

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026

    Federal authorities are demanding that autonomous vehicle companies stop interfering with first responders

    9 July 2026

    Another massive data breach exposed millions of driver’s license numbers

    8 July 2026

    This startup brings dealers together to bid on your used car

    7 July 2026
  • Venture

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Six things we learned from taking down LockBit
Security

Six things we learned from taking down LockBit

techtost.comBy techtost.com25 February 202404 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Six Things We Learned From Taking Down Lockbit
Share
Facebook Twitter LinkedIn Pinterest Email

A sweeping law enforcement operation led by the UK’s National Crime Agency (NCA) this week took down LockBit, the notorious Russian-linked ransomware gang that has for years wreaked havoc on businesses, hospitals and governments in Worldwide.

The action resulted in the LockBit leak site, the seizure of its servers, multiple arrests and US government sanctions in one of the most significant operations against a ransomware group to date.

It’s also arguably one of the most innovative busts we’ve seen, with UK authorities announcing the seizure of LockBit’s infrastructure on the group’s own leak site, which now hosts a host of details about its inner workings gang — with the promise of more to come.

Here’s what we’ve learned so far.

LockBit didn’t delete victims’ data — even if they paid

It has long been suspected that paying a hacker’s ransom demand is a gamble and not a guarantee that the stolen data will be deleted. Some corporate victims have said so, saying they “cannot guarantee” their data will be deleted.

Removing LockBit confirmed for us that this is the case. The NCA revealed that some of the data found on LockBit’s seized systems belonged to victims who had paid ransoms to threat actors, “demonstrating that even when a ransom is paid, it does not guarantee that the data will be deleted, despite what the criminals have promised “, the the NCA said in a statement.

Even ransomware gangs fail to patch vulnerabilities

Yes, even ransomware gangs are slow to patch software bugs. According to the Malware Research Group vx-basement citing LockBitSupp, the alleged leader of the LockBit operation, law enforcement broke into the ransomware operation’s servers using a known vulnerability in the popular PHP web coding language.

The vulnerability used to compromise its servers is tracked as CVE-2023-3824a remote execution flaw fixed in August 2023, giving LockBit months to fix the bug.

“FBI f****d up servers via PHP, non-PHP backup servers can’t be touched,” reads LockBitSupp’s translated message on vx-underground, originally written in Russian.

Ransomware removal takes a long time

According to European law enforcement agency Europol, the takedown of LockBit, officially known as “Operation Cronos,” was years in the making. The agency revealed on Tuesday that its investigation into the notorious ransomware gang began in April 2022, about two years ago at the request of French authorities

Since then, Europol said its European Cybercrime Centre, or EC3, has held more than a dozen operational meetings and four week-long technical sprints to develop investigative evidence ahead of the investigation’s final phase: this week’s takedown .

LockBit has hacked more than 2,000 organizations

LockBit, which first entered the competitive cybercrime scene in 2019, has long been known to be one of, if not the most, prolific ransomware gangs.

Tuesday’s operation confirms that, and now the US Department of Justice has numbers to back it up. According to the DOJ, LockBit has claimed over 2,000 victims in the US and worldwide and received more than $120 million in ransom payments.

Sanctions targeting a key member of LockBit may affect other ransomware

One of the top LockBit members indicted and sanctioned on Tuesday is a Russian national, Ivan Gennadievich Kondratiev, who US officials allege is involved in other ransomware gangs.

According to the US Treasury Department, Kondratiev also has ties to REvil, RansomEXX, and Avaddon. While RansomEXX and Avaddon are lesser-known variants, REvil was another Russia-based ransomware variant that gained notoriety for high-profile hacks, making millions in ransom payments by breaching US network monitoring giant Kaseya.

Kondratiev was too was named a leader of a recently revealed LockBit sub-group called the “National Hazard Society”. Little else is known about this LockBit subsidiary, but NCA has promised to reveal more in the coming days.

The sanctions effectively bar US-based victims of Kondratiev’s ransomware from paying him the ransom he demands. Since Kondratiev has his hands in at least five different ransomware gangs, the sanctions are likely to make his life five times more difficult.

The British have a sense of humor

Some people (ie, me, a Brit) would argue that we already knew this, but the LockBit sting showed us that the UK authorities have a sense of humour.

Not only is the NCA mocking LockBit by mimicking the gang’s dark leak site for its own LockBit-related revelations, but we’ve also found various Easter eggs hidden within LockBit’s now-seized website. Our favorite is the various file names for the site’s images, which include “oh dear.png”, “doesnt_look_good.png” and “this_is_really_bad.png”.

Image Credits: TechCrunch

cyber attacks cyber security learned lockbit ransomware
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleGoogle court filing reveals new business details of DuckDuckGo and Neeva
Next Article Bluesky opens up the federation, letting anyone run their own server
bhanuprakash.cg
techtost.com
  • Website

Related Posts

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026

Another massive data breach exposed millions of driver’s license numbers

8 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

11 July 2026

OpenAI bets on families as ChatGPT goes deeper into households

11 July 2026

A new app, HyperTexting, turns the open web into a social media scrolling-like stream

11 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.