Today the Russian government announced the arrest of an individual from SugarLocker ransomware group a/k/a Encoded01

More information: https://www.facct.ru/media-center/press-releases/sugarlocker-ransomware/

What it's like talking to Threat Actor's in Russia:

> Serious conversations
> Straight to the point
> Business only

What it's like talking to Threat Actor's in America, Canada, and Europe:

> Trust established by volume of kitty pictures sent
> Kitty picture spamming

We've updated the vx-underground malware sample collection.

- File name corrections to Bazaar collection
- More samples added to VirusSign collection
- 18,000+ new samples syncing with VXDB

Check it out here: https://vx-underground.org/Samples/VirusSign%20Collection/2024.02

Just now the US government, in conjunction with the UK and EUROPOL, released more information on Lockbit ransomware group.

The information released is minor, and some information is already available publicly. However, they did unveil Lockbit employs 193 affiliates.

Today the Ukraine police announced they have arrested a Father-and-Son duo who were Lockbit affiliates.

More information: https://www.npu.gov.ua/news/slidchi-natspolitsii-prypynyly-diialnist-transnatsionalnoho-khakerskoho-uhrupovannia-lockbit-v-ukraini

Today Poland's CBZC (Centralne Biuro Zwalczania Cyberprzestępczości, Central Bureau for Combating Cybercrime) released footage of a Lockbit affiliate arrest.

Today we spoke with Lockbit ransomware group administrative staff regarding the recent arrests of their affiliates. Lockbit administration told us several things.

1. They assert the individuals arrested are the wrong people and the multi-agencies involved arrested innocent people.

2. They assert the FBI / NCA UK / EUROPOL do not have know their information. They state they are willing to double the bounty of $10,000,000. They state they will place a $20,000,000 bounty on their own head if anyone can dox them.

3. They state the FBI / NCA UK / EUROPOL are not skilled pentesters, and their success was only due to their administrations laziness.

Earlier we spoke with ALPHV ransomware group. We asked their opinion on the recent takedown of the Lockbit ransomware group website.

ALPHV, their long time competitor, offered words of encouragement for their competitor. They said and quote: "Lockbit is a pussy"

We've updated the vx-underground Windows malware paper collection

- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method

We've updated the vx-underground malware families collection

- Kutaki
- RogueRobin
- zLoader
- Qealler
- QuasarRAT
- RhadamanthysLoader
- Ryuk
- Stealc
- Emotet
- IcedId
- VenomRAT
- Glupteba
- CactusRansomware
- AsyncRAT
- DarkBitRansomware
- Amadey
- Pikabot

🫡🫡🫡

Reports are surfacing that every large-scale cell phone provider in the United States is experiencing technical issues or outages this morning.


https://apnews.com/article/cellular-att-verizon-tmobile-outage-02d8dfd93019e79e5e2edbeed08ee450

Thank you, Sloth. This is a wonderful meme.

We had a real chance at love. A mystery woman offered us $600/week.

All we did is ask for the malware and she blocked us:(

Today UnitedHealth Group, a large health insurance provider in the United States, submitted an SEC Form 8K - they've been compromised.

The report does not indicate who is responsible for the attack.

More information: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm

We stayed up to 2am for the FBI / NCA UK / EUROPOL "Who is LockbitSupp?" reveal.

They extended the deadline 😡😡😡

Meanwhile there is a Lockbit impersonator on Telegram scamming people out of $150 😂😂😂

Today the FBI, NCA UK, and EUROPOL, partnering with Chainalysis, revealed information on Lockbit ransomware group money flow.

The following data was retrieved from July, 2022 - February 2024. Lockbit was first observed in late 2019. This analysis only covers 18 months of a 4 year crime spree.

They reviewed 30,000 Bitcoin addresses, with over 500 Bitcoin addresses active. Those 500+ wallets have received over $120,000,000+. The analysis also shows over $114,000,000 is still unspent (approx. 2,200 BTC unspent, numbers will vary based on price of Bitcoin).

A large portion of this money was the 20% paid to Lockbit ransomware group administrative staff. This indicates the total money stolen could be in excess of $1,000,000,000 from July, 2022 - February, 2024. This means Lockbit ransomware group may have done multi-billion dollars worth of theft internationally.

On Monday when the Lockbit ransomware group website was seized by FBI, NCA UK, and EUROPOL, they made a post noscriptd "Who is Lockbitsupp?" - this post indicated that law enforcement could potentially unveil key leadership behind the organization.

During the week we spoke with Lockbit ransomware group administrative staff. They stated they did not believe law enforcement know his/her/their identities. They even boastfully raised the bounty of their head to $20,000,000.

Today we finally get to see the "Who is Lockbitsupp?" post. The post is very short. It states Lockbit does not live in the United States or Netherlands. It also states he drives a Mercedes. They end the post with a picture of "Tox Cat" - an emoji frequently used by Lockbit ransomware group administrative staff and state Lockbit ransomware group administrative staff has 'engaged' with law enforcement.

tl;dr Lockbit ransomware group called their bluff and succeeded

We asked Lockbit ransomware group administration their thoughts on this past week.

Lockbit ransomware group said they will make formal reply to law enforcement once they're finished restoring their infrastructure

ALPHV said: "My Mercedes drives Lockbit"