LockBit ransomware site returns — but don’t worry, it might actually be OK

Police have restored LockBit site, apparently to troll the criminals

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The website ofransomwarehackers LockBit, which was seized by police and shut down, has relaunched. However, it wasn’t the hackers that propped it back up, but rather the law enforcement agents who originally seized it.

The refreshed website includes some new details about the group and its leader. Some of the teasers on the website include “Who is LockBitSupp?”, “WHat have we learnt,” “More LB hackers exposed,” and more.

The police also posted an image on X, with a 24-hour countdown timer, when the information will be released. At press time, there were under six hours left on the clock.

Who is LockBitSupp?

An international coalition oflaw enforcement agencies infiltrated the group’s infrastructurein late February 2024 seized the servers, confiscated a lot of money, plenty of data on the operation, its affiliates, and more.

The police defaced LockBit’s website and left a message saying the operation is terminated and that they would be coming for the affiliates (of which there were,apparently, around 200).

Two alleged LockBit members were arrested, one in Ukraine, and one in Poland.

One of the last big attacks before the attack was on EquiLend, a global financial technology, data and analytics firm, which was hit in late January 2024, with LockBit affiliates walking away with sensitive customer data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Soon after the police operation, dubbed Cronos, the ransomware’s key operator, going by the name LockBitSupp, said the police exaggerated their claims, that the operation was no more than a temporary setback, and that the operation would continue soon enough.

In less than two weeks, LockBit was back with new encryptors, new infrastructure, and new data leak and negotiation websites. Newer victims reported getting a different ransom note, with a new Tor URL.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time