US Posts New Bounty of $15 Million on the LockBit Ransomware Gang

The United States is offering substantial rewards for information regarding cybercriminals associated with the recently dismantled LockBit ransomware operation, but law enforcement agencies assert they have already identified certain individuals.

The UK’s National Crime Agency (NCA) and other law enforcement bodies have seized LockBit domains and servers, causing significant disruption to the cybercrime operation. Initially, the seized domains displayed a screen informing visitors of the law enforcement actions, but they now redirect visitors to a site resembling the known LockBit leak website.

However, instead of posts revealing LockBit victims, the site exhibits messages from law enforcement, encompassing cybersecurity firm reports on the ransomware group’s activities, details about arrests and charges, rewards for information on the cybercriminals, and sanctions. The NCA has taunted cybercriminals by posting a message on the hijacked LockBit panel, notifying affiliates that law enforcement may contact them soon. On the LockBit leak site, the NCA presents a list of nearly 200 usernames allegedly associated with LockBit affiliates.

Authorities have also taken down servers linked to a LockBit data exfiltration tool named Stealbit. The NCA reported that the tool, used by LockBit affiliates to exfiltrate files from victim organizations, has been neutralized along with its upstream proxy servers.

Authorities Claim Significant Damage Caused to LockBit

Investigators claim to have gained access to key infrastructure and may aid hundreds of victims in recovering their files. The NCA stated that 1,000 decryption keys were recovered, urging victims to reach out. Another page on the LockBit leak site suggests that authorities will soon unveil the identity of LockBitSupp, the ransomware operation's leader. Law enforcement has published screenshots indicating privileged access to the LockBit administration portal, including victim chats.

The Department of State has announced rewards of up to $15 million for information leading to the arrest and/or conviction of individuals involved in LockBit ransomware attacks. Specifically, up to $10 million is offered for information on LockBit leaders and up to $5 million for information on affiliates.

LockBit Gang Pulled Off Over 2,000 Attacks

According to the US government, LockBit ransomware attacks targeted over 2,000 entities, with victims paying over $120 million in ransoms. The Treasury Department has imposed sanctions on two LockBit affiliates, Ivan Gennadievich Kondratiev and Artur Sungatov, both Russian nationals. Kondratiev is alleged to be the leader of a LockBit affiliate sub-group named the National Hazard Society.

The Treasury highlighted the LockBit attack on the financial services business of China’s Industrial and Commercial Bank, disrupting Treasury market trades. While several major ransomware operations have been targeted in international law enforcement operations over the past year, skepticism exists regarding the extent of the impact of the LockBit takedown.