Saturday, May 31, 2025

Unlocking Insights: What the LockBit 3.0 Data Leak Exposes about Ransomware

On May 7, 2024, the UK National Crime Agency and its partners revealed the suspected operator of the LockBit 3.0 ransomware, Dmitry Yuryevich Khoroshev, during Operation Cronos. Fast forward a year, and on the same date, a hefty leak occurred. The entire SQL database of a web admin interface for LockBit affiliates got dumped online, sourced from hacked franchise sites.

This leak sheds more light on LockBit 3.0’s operations than ever before. For some victims, the timestamps related to the malware show a significant delay, up to ten days, between the data exfiltration and the start of the encryption process. That gap underscores the need for better detection of data exfiltration.

The database contained 75 user accounts; only 44 were used to generate ransomware or execute attacks. Of these, 30 were active by April 29, but only seven were involved in attacks at that time. Many accounts were “paused” due to their use against victims in Russia, according to the operator.

Geographically, LockBit’s affiliates targeted the Asia-Pacific region the most, accounting for 35.5% of their efforts, while Europe fell behind at 22%. North America trailed at under 11%. Notably, certain affiliates like PiotrBond focused heavily on Asia-Pacific, with 76% of their victims from that region.

Data analysis reveals a scarcity of observable malicious activity in regions like South Korea and suggests that many affiliates are opting for easier targets rather than high-profile victims. Ransom negotiations often involved demands under $20,000. While there are only a few high-profile affiliates left, the crackdown from Operation Cronos has damaged the franchise’s reputation.

Interestingly, some victims might be avoiding claims on LockBit’s showcase site to protect its image. This latest data leak not only revealed affiliates’ Tox email IDs and passwords but also exposed victims’ encryption keys, adding to the ongoing chaos surrounding LockBit.