24 subscribers
Gå offline med appen Player FM !
LockBit: Is this the end?
Manage episode 408901038 series 2978671
LockBit, the world's largest ransomware-as-a-service (RaaS) provider suffered a very public takedown by an international law enforcement task force, Operation Cronos.
The ransomware behemoth quickly relaunched just days later. But in a world where trust is key, might the reputational damage be too great?
This is the story of the rise of LockBit, its relationship with other infamous cybercriminal groups, its uneasy relationship with some affiliates, its curious leader LockBitsupp, the public takedown and the relaunch, and what this means for the future of ransomware-as-a-service.
Speaker(s):
Koryak Uzan, Co-founder & Managing Director of PRODAFT
Links:
GITOC - The Rise and Fall of the Conti ransomware group
PRODAFT - LockBit: Behind the Lines of the Notorious RaaS
PRODAFT - The Demise of LOCKBIT: Disrupting the Most Prominent Ransomware Gang by Utilizing Upstream Threat Intelligence
https://twitter.com/PRODAFT
https://www.trendmicro.com/vinfo/gb/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023
https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/
https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/
https://www.blackfog.com/the-top-10-ransomware-groups-of-2023/
https://go.recordedfuture.com/webinar/threat-briefing/lockbit-takedown
https://www.bloomberg.com/news/articles/2024-02-19/fbi-uk-crime-agency-say-they-have-disrupted-lockbit-hacking-gang?cmpid=cyber
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/
https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group
https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
https://therecord.media/lockbit-lied-about-deleting-exfiltrated-data-after-ransom-payments
https://www.sophos.com/en-us/content/state-of-ransomware
https://www.trendmicro.com/vinfo/gb/security/news/ransomware-spotlight/ransomware-spotlight-rhysida
https://www.theguardian.com/commentisfree/2024/feb/06/hacker-british-library-cybersecurity-cybercrime-uk
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal
https://www.reuters.com/technology/cybersecurity/blackcat-ransomware-site-claims-it-was-seized-uk-law-enforcement-denies-being-2024-03-05/
https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html
https://twitter.com/ddd1ms/status/1764979901965201552
https://www.cpomagazine.com/cyber-security/under-increasing-federal-scrutiny-blackcat-ransomware-gang-pulls-exit-scam-on-its-way-out/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/resurgence-of-blackcat-ransomware/
https://www.cpomagazine.com/cyber-security/blackcat-ransomware-gang-recovers-from-early-december-law-enforcement-operation-restores-websites-seized-by-doj/
https://www.darkreading.com/threat-intelligence/lockbit-leak-site-reemerges-week-after-complete-compromise-
https://www.linkedin.com/posts/prodaft_manual-ransomware-business-activity-7026870344648916992-mgZX/?originalSubdomain=nl
https://therecord.media/lockbit-ransomware-indictments-us-doj-bassterlord
https://home.treasury.gov/news/press-releases/jy2114
https://therecord.media/lockbit-affiliates-arrested-in-ukraine-poland
https://www.reuters.com/technology/cybersecurity/ukraine-arrests-father-son-duo-lockbit-cybercrime-bust-2024-02-21/
https://www.chainalysis.com/blog/lockbit-takedown-sanctions-february-2024/
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
https://analyst1.com/this-forum-is-a-bunch-of-communists-and-they-set-me-up-lockbit-spills-the-tea-regarding-their-recent-ban-on-russian-speaking-forums/
https://securityaffairs.com/149941/hacking/lockbit-3-leaked-code-usage.html
https://www.bankinfosecurity.com/ransomware-as-a-service-gang-lockbit-pays-first-50k-bounty-a-20099
https://therecord.media/wazawaka-cyber-most-wanted-interview-click-here
https://www.state.gov/the-department-of-state-announces-reward-offer-against-russian-ransomware-actor/
https://www.fbi.gov/wanted/cyber/mikhail-pavlovich-matveev
https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/
https://resources.prodaft.com/fin7-cybercrime-gang
https://analyst1.com/ransomware-diaries-volume-1/
https://www.mimecast.com/content/darkside-ransomware/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-291a
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
https://blog.talosintelligence.com/ransomware-affiliate-model/
https://www.csoonline.com/article/573937/with-conti-gone-lockbit-takes-lead-of-the-ransomware-threat-landscape.html
https://youtu.be/0EQenbbPSaE
https://threatpost.com/darkside-hackers-court-paying-affiliates/166393/
https://www.nytimes.com/2021/05/13/us/politics/biden-colonial-pipeline-ransomware.html
https://twitter.com/vxunderground/status/1568273779050127363?lang=en
https://twitter.com/vxunderground/status/1568981950043414530?lang=en
https://www.microsoft.com/en-us/msrc/bounty
https://bughunters.google.com/
https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
https://analyst1.com/lockbit-takedown-operation-cronos-a-long-awaited-psyops-against-ransomware/
https://twitter.com/vxunderground/status/1697027546452259277
https://twitter.com/NCA_UK/status/1759888184979157123
https://twitter.com/NCA_UK/status/1759873080069910955
https://twitter.com/NCA_UK/status/1759857979086499939
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant
https://twitter.com/NCA_UK/status/1759842879688655053
https://twitter.com/NCA_UK/status/1759906806044725514
https://therecord.media/an-interview-with-lockbit-the-risk-of-being-hacked-ourselves-is-always-present
44 episoder
Manage episode 408901038 series 2978671
LockBit, the world's largest ransomware-as-a-service (RaaS) provider suffered a very public takedown by an international law enforcement task force, Operation Cronos.
The ransomware behemoth quickly relaunched just days later. But in a world where trust is key, might the reputational damage be too great?
This is the story of the rise of LockBit, its relationship with other infamous cybercriminal groups, its uneasy relationship with some affiliates, its curious leader LockBitsupp, the public takedown and the relaunch, and what this means for the future of ransomware-as-a-service.
Speaker(s):
Koryak Uzan, Co-founder & Managing Director of PRODAFT
Links:
GITOC - The Rise and Fall of the Conti ransomware group
PRODAFT - LockBit: Behind the Lines of the Notorious RaaS
PRODAFT - The Demise of LOCKBIT: Disrupting the Most Prominent Ransomware Gang by Utilizing Upstream Threat Intelligence
https://twitter.com/PRODAFT
https://www.trendmicro.com/vinfo/gb/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-clop-prevail-as-top-raas-groups-for-1h-2023
https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/
https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/
https://www.blackfog.com/the-top-10-ransomware-groups-of-2023/
https://go.recordedfuture.com/webinar/threat-briefing/lockbit-takedown
https://www.bloomberg.com/news/articles/2024-02-19/fbi-uk-crime-agency-say-they-have-disrupted-lockbit-hacking-gang?cmpid=cyber
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/
https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group
https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
https://therecord.media/lockbit-lied-about-deleting-exfiltrated-data-after-ransom-payments
https://www.sophos.com/en-us/content/state-of-ransomware
https://www.trendmicro.com/vinfo/gb/security/news/ransomware-spotlight/ransomware-spotlight-rhysida
https://www.theguardian.com/commentisfree/2024/feb/06/hacker-british-library-cybersecurity-cybercrime-uk
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal
https://www.reuters.com/technology/cybersecurity/blackcat-ransomware-site-claims-it-was-seized-uk-law-enforcement-denies-being-2024-03-05/
https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html
https://twitter.com/ddd1ms/status/1764979901965201552
https://www.cpomagazine.com/cyber-security/under-increasing-federal-scrutiny-blackcat-ransomware-gang-pulls-exit-scam-on-its-way-out/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/resurgence-of-blackcat-ransomware/
https://www.cpomagazine.com/cyber-security/blackcat-ransomware-gang-recovers-from-early-december-law-enforcement-operation-restores-websites-seized-by-doj/
https://www.darkreading.com/threat-intelligence/lockbit-leak-site-reemerges-week-after-complete-compromise-
https://www.linkedin.com/posts/prodaft_manual-ransomware-business-activity-7026870344648916992-mgZX/?originalSubdomain=nl
https://therecord.media/lockbit-ransomware-indictments-us-doj-bassterlord
https://home.treasury.gov/news/press-releases/jy2114
https://therecord.media/lockbit-affiliates-arrested-in-ukraine-poland
https://www.reuters.com/technology/cybersecurity/ukraine-arrests-father-son-duo-lockbit-cybercrime-bust-2024-02-21/
https://www.chainalysis.com/blog/lockbit-takedown-sanctions-february-2024/
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
https://analyst1.com/this-forum-is-a-bunch-of-communists-and-they-set-me-up-lockbit-spills-the-tea-regarding-their-recent-ban-on-russian-speaking-forums/
https://securityaffairs.com/149941/hacking/lockbit-3-leaked-code-usage.html
https://www.bankinfosecurity.com/ransomware-as-a-service-gang-lockbit-pays-first-50k-bounty-a-20099
https://therecord.media/wazawaka-cyber-most-wanted-interview-click-here
https://www.state.gov/the-department-of-state-announces-reward-offer-against-russian-ransomware-actor/
https://www.fbi.gov/wanted/cyber/mikhail-pavlovich-matveev
https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/
https://resources.prodaft.com/fin7-cybercrime-gang
https://analyst1.com/ransomware-diaries-volume-1/
https://www.mimecast.com/content/darkside-ransomware/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-291a
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
https://blog.talosintelligence.com/ransomware-affiliate-model/
https://www.csoonline.com/article/573937/with-conti-gone-lockbit-takes-lead-of-the-ransomware-threat-landscape.html
https://youtu.be/0EQenbbPSaE
https://threatpost.com/darkside-hackers-court-paying-affiliates/166393/
https://www.nytimes.com/2021/05/13/us/politics/biden-colonial-pipeline-ransomware.html
https://twitter.com/vxunderground/status/1568273779050127363?lang=en
https://twitter.com/vxunderground/status/1568981950043414530?lang=en
https://www.microsoft.com/en-us/msrc/bounty
https://bughunters.google.com/
https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
https://analyst1.com/lockbit-takedown-operation-cronos-a-long-awaited-psyops-against-ransomware/
https://twitter.com/vxunderground/status/1697027546452259277
https://twitter.com/NCA_UK/status/1759888184979157123
https://twitter.com/NCA_UK/status/1759873080069910955
https://twitter.com/NCA_UK/status/1759857979086499939
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant
https://twitter.com/NCA_UK/status/1759842879688655053
https://twitter.com/NCA_UK/status/1759906806044725514
https://therecord.media/an-interview-with-lockbit-the-risk-of-being-hacked-ourselves-is-always-present
44 episoder
Alla avsnitt
×1 Colombia & Total Peace: Part 2: Buenaventura – “The Pact for Life” 45:23
1 Colombia & Total Peace: Part 1 - "The ELN - The Easy Win" 59:04
1 Mohamed Amra and the gangs of Marseille 36:01
1 The Long Tail: Cross-Channel Migrant Smuggling (France to the UK) 54:41
1 Monitoring: What is going on in Ecuador? 28:15
1 Monitoring: Ovidio Guzmán and the Kingpin Strategy 20:48
1 Illicit Financial Flows in the Western Balkans 41:05
1 Monitoring: A Month of Drug Seizures 12:02
1 “They don’t ******* withdraw it” - Scam Call Centres in Ukraine 40:31
1 Colombia: In the face of crime and violence 43:53
1 The Rise and Fall of the Conti Ransomware Group 1:18:54
1 “Death Can Wait”: Drugs on the Frontline in Ukraine 41:03
Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.