An international coalition of law enforcement agencies has resurrected the dark website of the notorious LockBit ransomware gang, which they took down earlier this year, teasing new revelations about the group.
On Sunday, what was once LockBit’s official darknet site resurfaced online with new posts suggesting that authorities plan to release new information about the hackers in the next 24 hours, as of this writing.
The posts have titles like “Who is LockBitSupp?”, “What we’ve learned,” “More LB hackers exposed,” and “What did we do?”
In February, a law enforcement coalition that included the UK’s National Crime Agency, the US Federal Bureau of Investigation, as well as forces from Germany, Finland, France, Japan and others announced that they had infiltrated the official website of LockBit. The coalition took over the site and replaced information about it with its own press release and other information, in a clear attempt to troll and warn hackers that authorities are watching them.
The February operation also included the arrests of two alleged LockBit members in Ukraine and Poland, the takedown of 34 servers across Europe, the UK and the US, and the seizure of more than 200 cryptocurrency wallets belonging to the hackers.
The NCA and the FBI did not immediately respond to a request for comment.
LockBit first appeared in 2019 and has since become one of the most prolific ransomware gangs in the world, netting millions of dollars in ransom payments. The team has proven to be very resilient. Even after the February takedown, the group resurfaced with a new dark web leak site that has been actively updated with new alleged victims.
All but one of the new posts on the seized site have a countdown that ends at 9am. eastern time on Tuesday, May 7, suggesting that’s when law enforcement will announce the new actions against LockBit. Another post says the site will be shut down in four days.
Since authorities announced what they called “Operation Cronos” against LockBit in February, the group’s leader, known as LockBitSupp he argued in an interview that law enforcement has exaggerated its access to the criminal organization as well as the effect of its eradication.
On Sunday, the hacking collective vx-underground wrote to X that they had spoken to LockBit management staff who had told them that the police were lying.
“I don’t understand why they are doing this little show. They are clearly upset that we are still working,” the staff said, according to vx-underground.
The identity of LockBitSupp is still unknown, although that could change soon. One of the new posts on the seized website LockBit promises to reveal the identity of the hacker on Tuesday. It should be noted, however, that the previous version of the seized site also seemed to promise to reveal the identity of the gang leader, but ultimately failed to do so.
