One notable event, which LockBit were involved in, occurred toward the end of the year, concerned the disruption of the NoEscape and BlackCat/ALPHV’s .onion sites. Chatter online indicates that NoEscape may have pulled an exit scam, stealing potentially millions of dollars in ransom payments and shutting down the group’s infrastructure, while BlackCat claimed their outage was caused by hardware failure, there is also the distinct, though unconfirmed, possibility that it was linked to law enforcement efforts. LockBit seized upon the moment, and their operation’s manager LockBitSupp, has now started to recruit affiliates from NoEscape and BlackCat to join LockBit’s efforts.
It is unconfirmed who, or how many, affiliates from BlackCat and NoEscape moved to LockBit, though one victim of BlackCat, the German Energy Agency dena[.]de, has been seen on LockBit’s victim list. This wouldn’t be the first time a rival threat group has ceased operations and its affiliates have joined LockBit. In 2021, the BlackMatter ransomware group was shut down and some of its affiliates joined LockBit whilst others joined with affiliates from DarkSide to form BlackCat/ALPHV. It remains to be seen how the landscape will react to this shake up, and NCC Group will continue monitoring the situation in order to stay abreast of any updates.
Figure 19: LockBitSupp Recruitment Post
44
Made with FlippingBook - PDF hosting