Authorities Fail to Convince Community of LockBit Admin’s Unmasking

British law enforcement promised to reveal the identity of the LockBit ransomware group’s administrator, known as LockBitSupp, but provided minimal information.

On Monday when the Lockbit ransomware group website was seized by FBI, NCA UK, and EUROPOL, they made a post titled “Who is Lockbitsupp?” — this post indicated that law enforcement could potentially unveil key leadership behind the organization.

During the week we spoke with… pic.twitter.com/gBFe9rQAnw

— vx-underground (@vxunderground) February 23, 2024

In February, the National Crime Agency detained two members of the organization in Poland and Ukraine. Russian citizens Artur Sungatov and Ivan Kondratyev were suspected of spreading ransomware.

In total, law enforcement blocked over 200 cryptocurrency wallets linked to LockBit.

Regarding the identity of the administrator known as LockBitSupp, the police announced a $10 million reward for information and initiated a countdown on X to the participant’s unmasking.

Upon expiration of the countdown, authorities released minimal information, such as the hacker not residing in the US or the Netherlands and owning a Mercedes. They hinted at the exclusivity of the model, mentioning potential issues with spare parts.

Authorities stated that the suspect is cooperating.

“We know who he is, where he lives, and how much he is worth,” the statement said.

In response, the individual claimed that the project’s servers are being hacked by the FBI due to sensitive information regarding Donald Trump that could influence the US presidential election. Regarding those arrested, he noted they might have been involved in money laundering.

#LockBit releases a long read of what happened. Full text below. pic.twitter.com/gFzj7yTZfj

— ?????? ?????????? (@ddd1ms) February 24, 2024

Ransomware expert John DiMaggio from Analyst1, in an interview with GovInfoSecurity, recalled the behavior of the group’s leaders in a situation with a specialist who found a bug in the software and requested a reward. In response, project managers deducted the amount from the lead developer’s salary. Ultimately, the hacker joined the rival BlackMatter, released the code publicly, and was labeled a “crazy psycho.”

“This business is run by an egotistical CEO who is extremely insecure. Although, unfortunately, they have an excellent criminal product […] ultimately, they will fail due to this kind of ego and constant overreaction stemming from insecurity about what is happening, such as in the case of the developer’s code leak,” DiMaggio believes.

As reported, by the end of 2023, the volume of illicit revenues from crypto scams and hacks decreased by 29.2% and 54.3%, respectively.