Leader of LockBit ransomware gang vows to continue hacking despite takedown
The leader discussed the recent crackdown by international law enforcement, which seized their infrastructure, leading to significant disruptions in their operations and arrests of alleged associates.
In a recent episode, the Click Here podcast scored an exclusive interview with the purported head of the LockBit ransomware group, known as LockBitSupp. He spoke about the recent blow dealt to his operation by an international law enforcement crackdown, which not only seized their infrastructure but also confiscated their hacking tools, cryptocurrency accounts, and source code, effectively halting their four-year reign of ransomware terror.
LockBit has been infamous for its involvement in thousands of attacks, including ones targeting hospitals and critical infrastructure. In a particularly egregious incident in 2022, the group struck Canada’s largest pediatric health center, causing significant disruptions in medical services just before Christmas. Another attack in September of the same year forced two New York hospitals to redirect ambulances and reschedule appointments.
Since the crackdown, several individuals allegedly associated with LockBit have been arrested in Ukraine and Poland, with more arrests anticipated. However, the purported leader, LockBitSupp, believed to be of Russian origin, may remain beyond the reach of law enforcement, with conflicting reports about his whereabouts. The conversation, conducted over encrypted messaging and translated from Russian, sheds light on LockBitSupp’s perspective.
LockBitSupp recounted discovering the takeover when the group’s website became inaccessible, sparking initial fear and panic. However, he quickly shifted his focus to restoring infrastructure after grasping the situation. Despite acknowledging law enforcement’s access to their tools and future ransomware versions, LockBitSupp downplayed its impact, viewing it as an opportunity to exhibit resilience.
Surprised by the sophistication of the law enforcement tactics, LockBitSupp admitted to a lapse in vigilance over the years. Nevertheless, he expressed a desire for more frequent hacking attempts by the FBI to prevent future breaches. Drawing a distinction between law enforcement’s actions and LockBit’s ransomware operations, LockBitSupp emphasised their post-payment penetration testing and system restoration processes. He perceived law enforcement’s efforts as a deliberate attempt to undermine LockBit’s reputation but remained undeterred, asserting that the FBI’s actions only fueled his determination.
Regarding trust among partners, LockBitSupp asserted that established partners continued to support the group, attributing any concerns to poorly managed cryptocurrency laundering. Despite admitting fault for becoming complacent, LockBitSupp believed actions spoke louder than words and focused on improving security measures. Confident in LockBit’s dominance within the ransomware landscape, he dismissed potential competitors, asserting LockBit’s superiority.
Discussing the impact of the law enforcement operation on business, LockBitSupp acknowledged short-term profit decreases but remained steadfast in his belief that LockBit would emerge stronger. He expressed a desire to reach a million targeted companies worldwide, cementing LockBit’s legacy as the most destructive affiliate program in history.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.