Ransomware Analysis Week of April 28, 2024

The LockBit drama continues. Yesterday law enforcement resurrected one of the group's dark web sites to tease forthcoming updates from the US and UK.

The updates appear to include the real identity of the LockBit admin, lockbitsupp, and other ominous post titles like "What have we been up to?" indicate that some sort of announcement is coming on May 7 at 2pm UTC.

It's like the wild west out there

→ Sans LockBit, the busiest group last week was a group known as Underground Team - a brand new crew which first showed up in March of this year.

→ They're a little different in that they don't change the file names of the files they encrypt. Usually once a file is encrypted it gets a new extension added to it. Sometimes it's just the name of the group (i.e. budget.docx.underground) and sometimes it's a cryptographic hash.

→ Last week they claimed to have compromised the network storage company Synology, but the data they released was from 2023. Representatives from Synology claim that there was an isolated incident in April of 2023 where data at one specific location was obtained through a spear phishing campaign.

Guess you can't trust anyone out there...