LockBit

December 3, 2021

Who Is the Network Access Broker ‘Babam’?

This post was originally published on this siteRarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years. Since the beginning of 2020, Babam has set up numerous auctions on the […]
January 11, 2022

Who is the Network Access Broker ‘Wazawaka?’

This post was originally published on this siteIn a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by “Wazawaka,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. Wazawaka has been a highly active member of multiple cybercrime forums over the past […]
February 20, 2024

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

This post was originally published on this siteU.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools. Dubbed “Operation Cronos,” the law enforcement action involved the seizure […]
February 25, 2024

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

This post was originally published on this siteThe FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at […]