They’re Baaaack! LockBit, That Is. And they are Ticked Off
The FBI touted just last week that they had taken down LockBit and replaced the servers with ones that offered free decryption keys and sunshine for all. It didn’t last long. The Russia-based hackers have reconstituted themselves and have new servers. It is true that the FBI and Europol and others did take down their servers, arrest a few people and freeze some crypto accounts. LockBit says that their backup infrastructure was not touched. OUCH!
Here is a bit of their side of the story. Remember they are crooks and Russian crooks at that, so it is possible they might be exaggerating or even fibbing.
They say they were sloppy and did not patch their systems (just like many businesses) and that was how the cops hacked them. Possible.
They claim that all of their backup servers that did not run PHP are alive and well.
One of their victims is Fulton County, Georgia. In case you have not heard, there is a very high-profile trial about to go on there. Is it possible that it is the reason the FBI and others went after LockBit? Possible, but I would not necessarily say so. Could just be that they saw an opportunity.
In spite of anything that LockBit might say, assuming the feds got a bunch of their data, that will be quite useful in the future. Credit: Dark Reading
The takedown happened right as LockBit was about to release stolen data from the Fulton County hack, including data from the court system where Trump and his many friends are on trial.
Fulton County is not denying they were hacked.
LockBit said they would publish stolen information if the county did not enter into negotiations by February 16. Later, Fulton County was removed from their name and shame site. That usually happens when the victim starts negotiating to pay a ransom.
The Fulton County head commissioner said they ain’t paying. Okay.
LockBit has released some sealed court records but none yet related to Trump.
Even if the data is not leaked, defense attorneys could say that any evidence has been compromised. How could you prove differently?
Will they publish a lot of the stolen data? Not clear, but they are not a bunch of happy campers, so if the county doesn’t pay, they might. Credit: Brian Krebs
Did they pay the ransom? They are not saying. What they did say is that they did not use taxpayer money to pay off the hackers. BUT, that would not preclude the insurance company from paying the hackers if they thought that would save them money. The Atlanta Journal-Constitution thinks the hackers were paid off.
This is the biggest risk these days from ransomware attacks. The hackers steal many gigabytes of data and say that if they don’t get paid off, they will sell, use or give away the data. That is not a great situation for businesses that get hacked.
Experts say that if the hackers do leak sensitive data, it could put people’s lives at risk, affect trials and discourage witnesses from cooperating.