      “We wanted to ruin the reputation of the Lockbit hackers”: a meeting with Europol's director of operations

      news.movim.eu / Numerama · Yesterday - 09:42

    Europol, the European criminal police agency, has stepped up its fight against cybercriminals with several major operations over the past year. For General Lecouffe, it is a way to break the myth of the “untouchable hacker”.

      Member of LockBit ransomware group sentenced to 4 years in prison

      news.movim.eu / ArsTechnica · Thursday, 14 March - 23:15

    A dual Canadian-Russian national has been sentenced to four years in prison for his role in infecting more than 1,000 victims with the LockBit ransomware and then extorting them for tens of millions of dollars.

    Mikhail Vasiliev, a 33-year-old who most recently lived in Ontario, Canada, was arrested in November 2022 and charged with conspiring to infect protected computers with ransomware and sending ransom demands to victims. Last month, he pleaded guilty to eight counts of cyber extortion, mischief, and weapons charges.

    During an October 2022 raid on Vasiliev’s Bradford, Ontario home, Canadian law enforcement agents found Vasiliev working on a laptop that displayed a login screen to the LockBit control panel, which members used to carry out attacks. The investigators also found a seed phrase credential for a bitcoin wallet address that was linked to a different wallet that had received a payment from a victim that had been infected and extorted by LockBit.

      “After swimming in money, I became lazy”: the notorious Lockbit hacker gang responds to the police

      news.movim.eu / Numerama · Monday, 26 February - 16:19

    Lockbit, the most feared hacker gang (responsible for the cyberattack on the Corbeil-Essonnes hospital), is back in the spotlight and responds to police forces after their landmark operation against the hackers' infrastructure.

      Ransomware associated with LockBit still spreading 2 days after server takedown

      news.movim.eu / ArsTechnica · Thursday, 22 February - 22:28

    Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group.

    The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise. According to researchers at two security firms—SophosXOps and Huntress—attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn’t immediately clear if the ransomware was the official LockBit version.

    “We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, wrote in an email. “While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement.”

      After years of losing, it’s finally feds’ turn to troll ransomware group

      news.movim.eu / ArsTechnica · Tuesday, 20 February - 21:29 · 1 minute

    After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren't squandering it.

    The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to Lockbit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites Lockbit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

    Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

      LockBit ransomware group taken down in multinational operation

      news.movim.eu / ArsTechnica · Tuesday, 20 February - 14:30

    Law enforcement agencies including the FBI and the UK’s National Crime Agency have dealt a crippling blow to LockBit, one of the world’s most prolific cybercrime gangs, whose victims include Royal Mail and Boeing.

    The 11 international agencies behind “Operation Cronos” said on Tuesday that the ransomware group—many of whose members are based in Russia—had been “locked out” of its own systems. Several of the group’s key members have been arrested, indicted, or identified and its core technology seized, including hacking tools and its “dark web” homepage.

    Graeme Biggar, NCA director-general, said law enforcement officers had “successfully infiltrated and fundamentally disrupted LockBit.”

      Police forces from 11 countries, including France, take down the site of Lockbit, the biggest hacker gang

      news.movim.eu / Numerama · Tuesday, 20 February - 04:00

    The site of the Russian-speaking Lockbit hackers has been taken offline by law enforcement from several countries, including the Gendarmerie nationale. These hackers are responsible for several cyberattacks, including those against the Corbeil-Essonnes hospital, La Poste Mobile and the Loiret department.

      “Your data has been stolen”: the Lockbit hacker gang lets everyone know it has hacked you

      news.movim.eu / Numerama · Thursday, 8 February - 16:33

    The Lockbit cybercriminal collective displayed a message on its victims' websites to sow panic. These cybercriminals are reusing a technique that hackers have long employed.

      The head of a Russian hacker gang offers a reward to whoever reveals the identity of another hacker

      news.movim.eu / Numerama · Saturday, 27 January - 07:33

    The head of the Lockbit cybercriminal collective posted an announcement on a hacker forum. He is seeking information on a member of another gang, against the backdrop of a cyberattack on a Russian company.