Displaying items by tag: lockbit

In what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled with much celebration on X (Twitter), LinkedIn, Facebook and elsewhere. The memes flowed freely and even the usual naysayers could not dampen the enthusiasm over this significant event, especially since it all appears to have been due to an unpatched vulnerability in PHP 8.x.

Published in Security Talk

A 20-year-old Russian national, Magomedovich Astamirov, was arrested in Arizona and had his initial appearance in court yesterday. The arrest and charges come after a lengthy investigation into the Ransomware-as-a-Service group LockBit. This is the second arrest in six months related to the group’s activities, with a third warrant/indictment issued for another individual, Mikhail Pavlovich Matveev, who is still at large. According to the DOJ press release, Astamirov is suspected of conspiring with other LockBit members to attack multiple organizations in the US and around the globe. Astamirov is believed to have managed various IP and email addresses used for ransomware deployment and communication with the victims of attacks.

Published in News

Leaks of tools used by threat groups and spying agencies are events of inestimable importance in both the threat group and security worlds. To threat groups, this is like free money. They now have access to someone else’s development efforts, meaning they can spend less money developing the next payload for their own interests. On the security side, it means that there is a high potential to see new variants of these tools hitting the wild, which defenders must now defend against. It also increases the attack pool they must defend against, since now even unsophisticated groups have access to all the fun tools.

Published in News