June 17, 2024

Cybercrime cops still celebrating the takedown of LockBit should put the champagne back on ice because the Russia-linked hackers have re-emerged — and declared support for Donald Trump.

Often described as the “world’s most active ransomware group,” LockBit was disrupted last Tuesday by an international coalition of law enforcement agencies.

According to Europol, the task force infiltrated the gang’s “primary platform and critical infrastructure.” Members of LockBit were also arrested and charged. Britain’s National Crime Agency said the sting had compromised “their entire criminal enterprise.”

But less than a week later, LockBit has reemerged on the Dark Web. On a new site, the gang shared an apparent list of corporate victims, an explanation for the takedown — and that dubious endorsement of Trump.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

In a lengthy message posted on Monday, the group’s presumptive leader blamed their “personal negligence and irresponsibility” for the takedown.

They also said the bust was triggered by the recent theft of data from government systems in Fulton County, Georgia.

“The stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election,” the message claimed.

Then came the suspicious political declaration:

“Personally I will vote for Trump,” they said.

Cybersecurity experts, however, doubt that LockBit’s leader is a US citizen. Nonetheless, they’re extremely concerned about the group’s return.

What’s next for LockBit?

Graphic of the cybercrime agencies who have taken down Lockbit
Credit: NSA