back to article Five months after takedown, LockBit is a shadow of its former self

For roughly two years, LockBit's ransomware operation was by far the most prolific of its kind, until the fateful events of February. After claiming thousands of victims, extorting hundreds of millions of dollars, and building a robust army of sophisticated cybercriminals, the life's work of its mastermind, LockbitSupp – whom …

  1. Doctor Syntax Silver badge

    "LockBit appeared to have 194 affiliates on its books, according to Operation Cronos, which found every single one"

    What does "found" amount to here? An alias, a name and address or something in between that could be worked up into a name and address? If it's possible to identifiy them we should expect to see arrests unless they're all in Russia.

    1. doublelayer Silver badge

      Probably a record of a specific contact and payment method, so something that can be used to track them down, but not as convenient as names and addresses of its members. Affiliates that were good at their jobs would probably have good enough opsec that their contact method doesn't identify them and, for those who got payments well before the raids, have probably already extracted their money and hidden again. Those who are not so good could perhaps be identified by law enforcement based on their connection to the organization.

  2. ChoHag Silver badge

    > Start a family, perhaps, and sit around the dinner table reminiscing over all the people you robbed, extorted, and hurt to pay for the meal in front of them.

    I always admire the disgust woven into sentences like this, as though there's anyone's pile of money that isn't already soaked in centuries of blood and tears.

    1. heyrick Silver badge

      True, but most of us try to make an honest living. While most of us are where we are due to a lot of unpleasant history, we are not the antagonists. We are not the ones screwing people over. There's a huge difference between "somebody that I never met back in the 16th century was an arsehole" and "I am an arsehole".

    2. DS999 Silver badge

      I'm sure he has to pay a good chunk of his fortune to Putin in exchange for "protection". If he failed to do so then he'd find himself kidnapped in the middle of the night and dropped off in Poland or some other EU country with the police notified of his location and identity, to serve as an example for every other criminal operating within Russia.

      1. CountCadaver Silver badge

        Nah

        ..like so many others Putin wanted to make an example of he would either have fallen out of a 9th story window or die "suddenly"

        Everyone can put 2 and 2 together without anyone having to claim responsibility

        1. CrazyOldCatMan Silver badge

          Putin wanted to make an example of he would either have fallen out of a 9th story window or die "suddenly"

          Followed by the discovery of a will granting all his stolen money to Putin or a Putin-adjacent (who will then do the decent thing and pay it all to Putin)

          And anyone who objects will have a speedy trip to a top class Siberian working holiday with accomodation and (some) meals provided.

      2. doublelayer Silver badge

        No, can't have that. That would give the evil west something, and that has to be prevented at all costs. Lots of other options are acceptable: imprisonment, forced work on some state computer thing, just take all his money and set him free to make some more, but there will be no sending criminals away for someone else to try. I'm also guessing that, until law enforcement announced his identity, the attention from the central government was probably quite low.

      3. druck Silver badge

        He should realise that Ukraine is finding it eminently possible to fly explosive laden drones into high value targets deep within Russia, how long could it be before someone decides to put the name of a ransomware peddling scumbag on one?

    3. Ian Johnston Silver badge

      There are people who earn a living designing cluster bomblets to look like toys so that children will pick them up and be blown to bits. There are people who earn a living maximizing the yield of nuclear weapons and - presumably - to home please after a day at work during which they found a way of killing an extra hundred thousand people. Remember the Stockline factory explosion in Glasgow? The victims of that earned a living making electric shock batons, including some designed for vaginal or anal insertion.

      People can be really quite unpleasant. Banally so.

      1. Catkin Silver badge

        designing cluster bomblets to look like toys

        [citation needed]

  3. TimMaher Silver badge
    Coat

    Re: “rummaged around for intel”

    Well, to be fair, their chips aren’t illegal…yet.

  4. Pascal Monett Silver badge

    "its best earners have fled for crews with better opportunities"

    In other words, the disease has spread.

    Like dandilions.

    Shutting down the servers is all well and good, but until you jail the miscreants, you've only disrupted them, you haven't stopped them.

    1. David 164

      Re: "its best earners have fled for crews with better opportunities"

      Yeah well it kind of hard to stop them permanently when they hang out in countries like Russia, China and North Korea.

  5. Will Godfrey Silver badge
    Unhappy

    Rule 1

    Don't gloat. It's treated as a challenge.

    obligatory:

    Rule 2: See rule 1

  6. David 164

    Who want to be that at least one of the new startups is a police honey trap.

  7. Screepy

    An interesting read..

    Although not directly linked to this story if anyone is interested in how law enforcement approach cybercrime, Andy Greenberg's new book, Lords of Crypto Crime, is well worth a read.

    And if you haven't already read it, his earlier book, Sandworm, is also fascinating.

  8. Paul Hovnanian Silver badge

    How many of these affiliates ...

    .... jumping ship and seeking greener pastures are undercover cops?

    Operation Cronos might have done more than dig around in LockBit's records. They could very well have built some legends for their operatives. Or at least that's what they'll want the other RaaS services to think.

    Can't trust anyone these days.

    1. CrazyOldCatMan Silver badge

      Re: How many of these affiliates ...

      Can't trust anyone these days.

      It's almost like there's no honour among thieves! What is the world coming to!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like