Hackers Threaten To Release Trump Court Docs, Demand Ransom Payment

A group of hackers has reportedly threatened to release court documents that specifically target Donald Trump. Multiple reports confirm that the documents are allegedly related to the Georgia election interference case filed against Trump. The hacking group has demanded a ransom payment to prevent the release of their seized documents.

Hacking Group Was Previously Raided By FBI, UK Crime Agency

The hacking group, which is reportedly led by LockBitSupp, provided the specific deadlines required for the ransom payment associated with the threat. There has apparently not been any release yet of the court documents in question.

UK’s National Crime Agency and the FBI apparently raid the hacking group on February 20. During the raid, they were able to take down approximately 34 servers.

LockBit ‘Extracted Tens Of Millions Of Dollars’ From Victims

The U.S. Department of Justice reported that the ransomware used by LockBit has targeted at least 1,000 victims around the globe – including the United States. Members of the group have reportedly made “at least $100 million in ransom demands.”

Further reports have confirmed that the group “extracted tens of millions of dollars in actual ransom payments from their victims.”

LockBit Used In One-Third Of Ransomware Attack In 2022

Dragos, a security firm, estimated that LockBit malware was utilized in over 30 percent of ransomware attacks throughout the second and third quarters of 2022. The attacks specifically targeted industrial organizations.

The malware was apparently used in 33 percent of the attacks against industrial organizations. In addition, the attacks were used in 35 percent of those that were directly against infrastructure, according to Wired.

Two Russians Indicated For Hacking, Over $120M In Ransom Payments Involved

Two Russians have been reportedly indicated by the Department of Justice for hacking. According to multiple reports, there were more than 2,000 cases involved.

The cases totaled approximately $120 million in ransomware payments.

FBI Claimed LockBit Uses Various ‘Tactics, Techniques, and Procedures

The FBI released a public alert in February 2022 confirming that LockBit employed “a wide variety of tactics, techniques, and procedures (TTPs).” The TTPs reportedly created “significant challenges for defense.”

The FBI originally started investigating the hacking group in the early part of 2020.

Attorney General Says U.S. and U.K. ‘Taking Away The Keys’

Attorney General Merrick Garland said that the “LockBit associates have deployed these kinds of attacks again and again” across the United States and worldwide “for years.” Garland further explained that U.K. and U.S. law enforcement “are taking away the keys to their criminal operation.”

The LockBit collective has been able to maintain a relatively low profile despite its high volume of cyberattacks. However, the group has notably become more aggressive in recent years. Some critics and IT experts even say that the group has become more careless as well.

Garland Confirms Keys Have Also Been Taken From Seized LockBit Infrastructure

Merrick Garland also confirmed that the agencies went “a step further” by obtaining the keys from the seized LockBit infrastructure. According to the report, this will provide assistance to victims for the decryption of “their captured systems.”

It will also help them to “regain access to their data.” Garland added that LockBit was not the “first ransomware variant the Justice Department and its international partners have dismantled.” He concluded his statement by claiming LockBit “will not be the last.”

Chief Security Strategist Calls LockBit ‘The Most Notorious Ransomware Group’

Jon DiMaggio, a chief security strategist that works for Analyst1, described LockBit as “the most notorious ransomware group.” He attributed that notoriety to the group’s “sheer volume.”

DiMaggio has studied the operations of the LockBit collective extensively. Based on his findings, according to DiMaggio, the reason behind their success Is the leadership of “a good businessman.”

LockBit Leader ‘Runs It Like A Business,’ Makes It ‘Attractive To Criminals’

DiMaggio stated that the leader of LockBit does not necessarily have “this great leadership capability.” He noted that they essentially created a “point-and-click ransomware that anyone could use.”

He further explained that the group regularly updates their software, is “constantly looking for user feedback,” and “care about their user experience.” They even “poach people from rival gangs.” That is why the leader apparently “runs it like a business,” which makes it “very, very attractive to criminals.”

Threat Analyst Claims Being ‘Businesslike’ Is The ‘Reason For Their Longevity’

Brett Callow, a threat analyst that works for the antivirus firm Emsissoft, claimed that LockBit has “probably been the most businesslike” out of all the group studied over the years. Callow further explained that the “businesslike” approach is “part of the reason for their longevity.”

Peter Mackenzie, a director of incident response at the Sophos security firm, reportedly said that the group has even experimented in the past with new methods for intimidating their victims into making ransom payments.

Incident Response Director Confirms LockBit Offers Various Payment Options

Mackenzie reported that LockBit “got different ways of paying.” For instance, one could pay to have their “data deleted, pay to have it released early,” or even “pay to extend” the deadline.

Mackenzie further claimed that LockBit made its payment options accessible to anyone. Theoretically, that could open the door for a rival company to buy a victim’s data. However, Mackenzie added that this just puts “extra pressure” on the victim “which is what helps make people pay.”

LockBit First Emerged In 2019 As ‘ABCD Ransomware’

The LockBit hacking group reportedly first emerged back in 2019. The group identified itself as “ABCD Ransomware” at the time.

It has grown exponentially since then even though it has strived to maintain a relatively low profile. It notably invests in logistical and technical innovations to try to maximize its profits.

LockBit Operates As A ‘Ransomware-As-A-Service’ Operation

According to Wired, LockBit works as a “ransomware-as-a-service” operation. By definition, the core team of LockBit creates its own malware and then operates its website.

In addition to the standard website operation, it licenses out the code to “affiliates.” The affiliates then use the code received to launch their attacks as instructed.

How LockBit Modified The Affiliate Model Of Payment Collection

In most cases, ransomware-as-a-service groups attack a business and share the profits proportionately with their affiliates once they receive payment. However, the affiliate model was apparently modified by LockBit when they started collecting payments.

With LockBit, affiliates are able to collect payments directly from their victims. They are then responsible for paying an agreed-upon fee to the core team of the LockBit Collective.