A day after the UK's National Crime Agency (NCA) and its partners were apparently able to compromise the group and disrupt its leak site, more information about the business operations of the Lockbit ransomware gang has emerged.
According to The Register, the NCA found 187 groups and individuals registered within the Lockbit affiliate portal**. Lockbit employs a ransomware-as-a-service (RaaS) model, in which various groups sign up and use encryption machines and infrastructure in exchange for a share of profits (essentially a ransom payment).
Law enforcement said the affiliates were registered between January 31, 2022, and February 5, 2024.
Hello [username], law enforcement has taken control of Lockbit's platform and has access to all the information held there. This information is related to the Lockbit Group and you, their affiliates," said the NCA in a message left on the affiliate portal ** after the defacement. "We have the source**, the details of the victim of your attack, the amount of money ransom, the stolen data, the chat history, and much more. You can thank LockBitsupp and their flawed infrastructure for coping with the situation. We may get in touch with you soon.
If you would like to contact us directly, please contact us. Have a nice day.
Lockbit is a Russia-based ransomware group that is considered one of the biggest threats – if not the biggest – in the ransomware industry. Given the location, arrest is extremely unlikely, but the NCA, along with the FBI and many other law enforcement agencies, managed to infiltrate Lockbit's infrastructure and take it down. It remains to be seen whether Lockbit returns in one form or another. However, as law enforcement turns its attention to affiliates, the ransomware industry could change forever.
A large amount of data had been leaked from Lockbit's platform before it was all breached, "There is now a notification on LockBit**. "With this data, the NCA and partners will coordinate further investigations to identify hackers who paid to become Lockbit affiliates. Some of the essential details are being released here for the first time.
Ciaran Martin, the former head of the UK's National Cyber Security Centre, told the BBC that it was "one of the worst breaches ever" against ransomware operators. "Of course, it's the largest ever led by the British **.