Bring us the head of LockBit! $15 million bounty offered for information on leaders of notorious ransomware gang – Source: www.tripwire.com

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang.

The bounty offer comes from the US State Department, following this week’s disruption of the criminal organisation’s activities.

LockBit, which has been operating since 2020, has targeted thousands of victims around the globe, causing the loss of billions of dollars in both ransom payments and recovery.

The UK’s National Crime Agency (NCA), the FBI, and others have collaborated on “Operation Cronos”, which has taken over LockBit’s backend infrastructure. Now, the LockBit leaks website is exposing the criminal group’s operations instead of publishing stolen victim data.

LockBit has been described as “The Walmart of ransomware” due to its market dominance.

In a wonderful twist of irony, it appears that law enforcement agents were able to seize control of LockBit’s infrastructure by exploiting a PHP vulnerability that LockBit’s system administrators had failed to patch – similar to the tactics used by ransomware attackers.

The NCA has published screenshots of LockBit’s exposed source code, backend administration panel, and redacted images of negotiations that have taken place between LockBit affiliates and their victims to prove the depth of its “pwning” of LockBit.

The good news is that the authorities had already had some success rounding up some individuals suspected of being part of the LockBit gang, even before the bounty was announced. This week a 38-year-old man was arrested in Poland, as well as a father and son in Ukraine.

Anyone with information about members of the LockBit criminal gang can contact the FBI for a potential reward via email, Telegram (@LockBitRewards), or Signal (+1-646-258-2533).

Of course, the best news of all is that victims of LockBit no longer have to pay a ransom to regain data access as a decryption tool has been released.

Victims based in the US are advised to contact the FBI via https://lockbitvictims.ic3.gov/.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.