Police seized 200 LockBit cryptocurrency wallets

LockBit is a type of malicious software known as ransomware that locks users out of their systems or files until a ransom is paid .

LockBit, active since 2019, has become known for its attacks on high-profile targets including Continental, Boeing, the Subway chain, Bank of America and the Italian tax office. In 2020, LockBit published the data of users of the BTC-Alpha exchange and announced the theft of data from more than 100,000 PayBito clients. According to Recorded Future, more than 2,300 attacks were carried out worldwide, of which American companies lost over $91 million.

As an example of RaaS (Ransomware-as-a-Service), Lockbit malware was offered to cybercriminals called affiliates to carry out their own ransomware attacks with the option of sharing a portion of the profits. This practice allowed Lockbit to collaborate with multiple affiliates, which may have contributed to the confusion the researchers observed in the group's activities.

Examples of such chaos include the continuation of attacks on medical institutions despite promises from their management to stop such actions, as well as cases where Lockbit executives refused to pay affiliates rewards for carrying out attacks. These problems and the apparent inability to manage its affiliates may indicate a lack of proper oversight of affiliates.

At times, Lockbit executives have resorted to public relations campaigns whose value is questionable in the context of operational security. For example, in 2022, one of the administrators under the pseudonym LockBitSupp offered a $1,000 reward to anyone who gets a tattoo with the Lockbit logo.

On February 20, 2024, darknet sites owned by the hacker group LockBit are now controlled by the UK National Crime Agency, as reported by Bleeping Computer. The operation to seize these resources, carried out as part of Operation Cronos, involving the FBI, Europol and representatives from 11 countries, was confirmed by law enforcement agencies.

OFAC froze ten LockBit cryptocurrency wallets, including those used on the Binance and KuCoin platforms.

In total, over 200 addresses associated with this group were blocked. Authorities are offering a $10 million reward for information about the identity and location of a member of the group with the pseudonym LockBitSupp.

In addition, law enforcement authorities confiscated 34 LockBit servers, gained access to affiliate network management and platform code, and seized more than 1,000 data decryption keys.

At the time of publication of the article, the operation to completely stop the activities of the LockBit group and its affiliates continues.

As part of its sanctions against Lockbit affiliates, Artur Sungatov and Ivan Kondratiev, OFAC identifies ten cryptocurrency addresses controlled by these two individuals - nine addresses belonging to Kondratiev and one to Sungatov.

Addresses of Ivan Kondratyev

1A7SKE2dQtezLktCY8peLsdAtkqxV9r1dC (Bitcoin network) bc1q8ew45w2agdffrnwp6adt2gqrc9n4mkev9ns29c (Bitcoin network) bc1qagp0gy58v8hqvw4p2wsphcxg067rrppp45hexr (Bitcoin network) bc1qn6segn8km4nfdp9vueu6msfjsaxaqgun9h60n9 (Bitcoin network) bc1qx9upga7f09tsetqf78wa3qrmcjar58mkwz6ng6 (Bitcoin network) 0xf3701f445b6bdafedbca97d1e477357839e4120d (Ethereum network) 15cRqR3TXS1JehBGWERuxFE8NhWZzfoeeU (Bitcoin network) bc1q5jqgm7nvrhaw2rh2vk0dk8e4gg5g373g0vz07r (Bitcoin network) 32pTjxTNi7snk8sodrgfmdKao3DEn1nVJM (Bitcoin network)

Address of Artur Sungatov

18gaXypKj9M23S2zT9qZfL9iPbLFM372Q5 (Bitcoin network)