Normal view
- Cybersecurity News and Magazine
- LockBitSupp Denies Identification of Group ‘Admin’, Opens Contest to Find Named Dmitry Yuryevich
Boeing Confirms $200M Cyber Extortion Attempt of LockBit
Boeing Cyber Extortion Saga
LockBit first listed Boeing as its victim on October 27 and set a ransom payment deadline for November 2. Boeing had chosen not to provide any comments or statements regarding the incident, at that time, leaving the LockBit claims unverified. Three days later LockBit took down Boeing’s name from the victims’ list fueling further speculations that it was a hoax or the company likely paid ransom. Following this incident, Boeing eventually confirmed falling victim to LockBit’s cyberattack. But as ransom negotiations reportedly failed, LockBit re-listed Boeing on its leak site and threatened to publish 4 gigabytes of sample data as proof of the Boeing data breach. The post also warned that, “All available data will be published!” in coming days. Following on the threat, LockBit published more than 40GB of data on November 10, as the company likely did not agree to pay the ransom demand. Boeing is yet to address the stolen data publicly.Ransom Demands Getting Exorbitant
The indictment's reference to the unnamed company highlights the exorbitant ransom demands made by Khoroshev and his cohorts, totaling over $500 million in ransoms extorted from victims since late 2019. Of this, he got nearly $100 million from a 20% share on the ransom payments, which was further “used to continue funding the LockBit operation and its infrastructure.” Ransomware analysts are now calling the Boeing cyber extortion as one of the largest ransom demands from a ransomware gang till date. Researchers suspects LockBit likely made an inflated demand, without realistic expectations of receiving the full amount, merely to test the waters. Between September 2019 and February 2024, Khoroshev grew LockBit into a massive global criminal operation in which along with his affiliates he attacked approximately 2,500 victims, which included nearly 1,800 in the U.S. alone, the indictment said. Apart from Boeing LockBit’s victim list also contains law enforcement agencies, security firms, municipalities, schools, financial institutions and even multinational fast-food chains.Who is LockBit Ransomware Gang?
The LockBit ransomware gang emerged in 2019, primarily targeting thousands of global companies, with a focus on those headquartered in the United States. Linked to Russian entities, LockBit has amassed tens of millions of dollars in ransom payments since its inception. According to the Cybersecurity and Infrastructure Security Agency (CISA), LockBit has executed over 1700 attacks in the United States, often by compromising and threatening to release sensitive data for financial gain. The recent Boeing data breach highlights the persistent threat posed by cyberattacks to major corporations. LockBit's aggressive tactics and specific targeting of Boeing, a key player in aerospace and defense, highlight the urgent need for robust cybersecurity measures. The ransomware group's imposed deadline heightens the urgency, highlighting the severe consequences of data breaches and the critical importance of safeguarding sensitive information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.Ransomware Attacks are Up, but Profits are Down: Chainalysis
In the ever-evolving world of ransomware, it’s getting easier for threat groups to launch attacks – as evidence by the growing number of incidents – but more difficult to make a profit. Organizations’ cyber-defenses are getting more resilient, decryptors that enable victims to regain control of their data, and law enforcement crackdowns on high-profile cybercrime..
The post Ransomware Attacks are Up, but Profits are Down: Chainalysis appeared first on Security Boulevard.
- Cybersecurity News and Magazine
- LockBit Ransomware Targets Wichita City Following Unmasking of Group Leader
LockBit Ransomware Targets Wichita City Following Unmasking of Group Leader
Cyberattack on Wichita Post LockBit Leader Arrest
[caption id="attachment_67202" align="alignnone" width="402"] Source: Dark Web[/caption] The Wichita cyberattack targeted the official website (wichita.gov), prompting concerns over the security of critical municipal systems. While the ransomware group has not yet released any compromised data, they have set a deadline of May 15, 2024, for its publication. The announcement by LockBit ransomware follows closely on the heels of an earlier notification by the city of Wichita regarding a ransomware attack on May 5, 2024, although the responsible ransomware gang was not initially disclosed. Wichita, the largest city in the state of Kansas, serves as the county seat of Sedgwick County and is a populous urban center in the region. The Cyber Express has reached out to the state government to learn more about this cyberattack on Wichita. However, at the time of writing this, no official statement or response has been received. However, the city of Wichita denoted a ransomware attack that targeted various government and private organizations within the city.Security Update from Wichita: Ransomware Group Remains Unnamed!
According to a press release by the city of Wichita, the recent posts from the state's Cyber Security Incident Update indicate ongoing efforts by the city's information technology department and security partners to address the cyberattack. “Many City systems are down as security experts determine the source and extent of the incident. There is no timetable for when systems could be coming back online. We appreciate your patience as we work through this incident as quickly and as thoroughly as possible”, reads the official press release. In the meantime, various city services and amenities have been impacted by the cyber incident, prompting adjustments to normal operations. Water systems remain secure and functional, with provisions in place for those experiencing difficulties paying bills or facing water shut-offs. Transit services, city vendors, park and recreation facilities, licensing procedures, and municipal court operations have all been affected to varying degrees, necessitating alternative arrangements such as cash payments and in-person transactions. Similarly, services provided by cultural institutions, resource centers, planning departments, and housing and community services are also subject to modifications and delays as the city works to address the cyberattack. The city's airport and library services have experienced disruptions to Wi-Fi access and digital infrastructure, although essential operations continue with minimal impact on services provided to the public. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the cyberattack on Wichita or any new updates from the government. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.- Cybersecurity News and Magazine
- Global Cyber Crime Crackdown: LockBit Ransomware Leader Unmasked and Sanctioned
Global Cyber Crime Crackdown: LockBit Ransomware Leader Unmasked and Sanctioned
LockBit Leader Unmasked
The unveiling of Khoroshev's identity is part of an extensive crackdown by the Operation Cronos taskforce, which includes the NCA, FBI, and other global partners. This follows a series of operations which saw the infiltration and disruption of LockBit’s network. The cyber group, known for its ransomware-as-a-service model, has significantly weakened, operating at a reduced capacity due to the relentless international efforts. This groundbreaking operation has not only demystified one of the cyber world’s most elusive figures but also inflicted a severe blow to the LockBit group's operations, signaling a impactful global stance against cyber threats and ransomware criminals.LockBit's Downfall: Disruption Leads to Reduction in Global Threats
In February, authorities announced a significant breach in LockBit's defenses, gaining control over their dark web leak site and severely compromising the group's operational capabilities. The severity of LockBit's criminal activities was fully unveiled through this intervention, revealing that from June 2022 to February 2024, the group had orchestrated over 7,000 ransomware attacks globally, impacting major sectors including healthcare. The most affected regions included the United States, United Kingdom, France, Germany, and China. The data obtained from LockBit’s systems indicated that the attacks targeted more than 100 hospitals and healthcare entities, pushing at least 2,110 victims into negotiation with the cybercriminals. Despite their attempts to regroup and revive their operations, LockBit's capabilities remain stifled, running at a limited capacity with a considerably reduced global threat. Interestingly, in their desperation to appear active, LockBit created a new leak site post-disruption, inflating their activity by claiming older attacks and those conducted by other ransomware groups. However, the effectiveness of their operations has significantly dwindled, as indicated by a 73% decrease in the average monthly attacks in the UK post-February 2024, with similar reductions reported worldwide. The identification of Dmitry Khoroshev has provided invaluable insights into LockBit's inner workings, exposing the real-world implications of their actions. Of the 194 affiliates identified as part of LockBit’s network until February 2024, 148 were involved in building attacks, and 119 engaged in negotiations with victims. Disturbingly, 114 of these affiliates paid substantial sums to join LockBit's programs but failed to make any money from their criminal activities, highlighting the deceptive and exploitative nature of LockBit's operations. Moreover, the NCA's investigation revealed numerous instances where LockBit’s decryptor tools failed to function correctly, leaving victims who had paid ransoms without any solution and no support from the group’s affiliates. One particularly egregious incident involved an attack on a children’s hospital in December 2022, where LockBitSupp issued a statement apologizing and provided a free decryptor, claiming the affiliate had violated their rules and was expelled from the program. However, NCA analysis showed that the affiliate remained active and continued to conduct 127 unique attacks, engage in 50 negotiations, and received multiple ransom payments until the group's disruption in February 2024. NCA Director General Graeme Biggar emphasized the operation's success, stating, “These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong. Biggar added, “We know our work to disrupt LockBit thus far has been extremely successful in degrading their capability and credibility among the criminal community. The group’s attempt at rebuilding has resulted in a much less sophisticated enterprise with significantly reduced impact.” Sanctions Minister Anne-Marie Trevelyan also highlighted the collaborative nature of this international effort, noting, “Together with our allies we will continue to crack down on hostile cyber activity which is destroying livelihoods and businesses across the world. In sanctioning one of the leaders of LockBit we are taking direct action against those who continue to threaten global security, while simultaneously exposing the malicious cyber-criminal activity emanating from Russia.” As part of the ongoing efforts to mitigate the damage caused by LockBit, the NCA and its partners have gained possession of over 2,500 decryption keys and are actively reaching out to nearly 240 victims in the UK, offering support and recovery solutions. The public is encouraged to report any cyber incidents immediately through the government’s Cyber Incident Signposting Site, which directs users to the appropriate agencies for further action. The Operation Cronos taskforce continues to operate at full capacity, involving a wide array of international law enforcement agencies from the US, UK, EU, and beyond, demonstrating a unified front against cyber threats. This coalition serves as a stark reminder that the international community remains vigilant and ready to employ all available resources to combat cybercrime and protect global security. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.- Cybersecurity News and Magazine
- LockBit’s Seized Domains Resurrected by Law Enforcement to Expose Details
LockBit’s Seized Domains Resurrected by Law Enforcement to Expose Details
LockBit Sites Resurrected Were Seized Earlier by Law Enforcement
The sites were brought down earlier as part of the joint-sequence Operation Cronos from, where 10 countries took action to disrupt LockBit's infrastructure facilities within in the United States and abroad. The group said law enforcement had hacked its former dark web site using a vulnerability in the PHP programming language, which is widely used to build websites. [caption id="attachment_66818" align="alignnone" width="1471"] Source: X.com (@marktsec46065)[/caption] The resurrected site suggests that law enforcement personnel have obtained further access to details involving LockBit affiliates and the ransomware group's admin LockBitSupp while investigating the group's back-end systems. During the earlier operation, law enforcement also claimed to be aware of personal details involving LockBitSupp, claiming to know where he lives and that he had engaged with law enforcement. As indicated by the site, the agencies responsible for the recent action will likely issue official press statements. The agencies re-affirmed its commitment to supporting ransomware victims worldwide and encouraged individuals and organizations to report incidents to law enforcement.LockBit Claimed Responsibility for Recent String of Attacks
Despite the earlier disruptions and seizures, LockBit continued to claim responsibility for several recent attacks including an attack on Cannes Hospital. The attack forced the hospital to take down its computer systems and switch to traditional pen and paper or manual systems to continue to support patients. Following the hospital's refusal to surrender to ransom demands, the group had allegedly published medical and personal data, including ID cards, health sheets and pay slips. However, the extent and scale of the ransomware group's operations remains much lower than observed in the past year. It is unknown what effect the current action might have on the group's operations as both law enforcement and the ransomware group as well as it's affiliates remain persistent with their efforts. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.- Cybersecurity News and Magazine
- Hooker Furniture Faces Potential Data Breach as LockBit Claims Cyberattack
Hooker Furniture Faces Potential Data Breach as LockBit Claims Cyberattack
The LockBit ransomware group, known for its disruptive cyberattacks, is back in the spotlight by claiming a cyberattack on Hooker Furniture. The US-based Hooker Furniture is a prominent player in the furniture industry, known for its designs catering to the hospitality and other sectors.
The LockBit alleges they have exfiltrated customer and business data, setting a deadline of May 08, 2024, to publish the compromised information.
Unverified Cyberattack on Hooker Furniture Claim
The Cyber Express team attempted to reach Hooker Furniture officials for comment, but as of now, there has been no response. The company's website also appears to be functioning normally, raising questions about the legitimacy of the Hooker Furniture cyberattack claim. However, considering LockBit's past activities, complete dismissal would be premature.
LockBit's history of targeting organizations with ransomware attacks further complicates the situation.
In March 2024, the group resurfaced with claims of adding eight new victims to their dark web portal, including prominent companies such as STOCK Development, Smulders, and United Notions Inc. This followed earlier claims of listing 12 new victims on their data leak page and engaging in discussions about seizing their websites.
The resurgence of LockBit comes in the wake of significant law enforcement actions aimed at disrupting the group's operations. In a coordinated effort involving the Department of Justice and international law enforcement agencies, authorities dealt a blow to LockBit's infrastructure. However, the recent claims suggest that the group has adapted and evolved, returning with enhanced techniques and capabilities.LockBit Resurgence with Enhanced Techniques
In response to the takedown, LockBit administrators released a provocative message, offering insights into their activities and motivations. The message not only highlights the group's defiance but also highlights the challenges faced by law enforcement agencies in combating cybercrime. With attempts to discredit authorities and speculate on the methods of compromise, LockBit's message serves as a reminder of the ongoing battle between cybercriminals and those tasked with enforcing the law. The situation surrounding Hooker Furniture serves as a cautionary tale for businesses worldwide, highlighting the ever-present threat posed by ransomware attacks and the importance of enhanced cybersecurity measures. While the claims made by LockBit remain unverified, the incident highlights the need for vigilance and preparedness in the face of evolving cyber threats. As investigations continue and the deadline looms, all eyes are on Hooker Furniture and its response to the alleged breach. In the meantime, the cybersecurity community remains on high alert, closely monitoring developments and working tirelessly to combat the scourge of ransomware attacks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.- Cybersecurity News and Magazine
- Ransomware Group LockBit Claims Responsibility for Cannes Hospital Cyberattack