
In a surprising turn of events, the notorious Lockbit ransomware gang, responsible for extorting over $120 million from 2,000 victims worldwide, has been taken down by authorities. But the story takes an even more interesting turn when we reveal how they were caught: through the very same tactics they used on others.

Lockbit relied on exploiting vulnerabilities in their targets’ systems to gain access and deploy their ransomware. However, it seems they weren’t immune to these vulnerabilities themselves. Authorities discovered a critical weakness, tracked as CVE-2023-3824, in Lockbit’s own server software – an outdated open-source program. By exploiting this vulnerability, authorities were able to seize control of their infrastructure, taking down 34 servers and capturing stolen data, decryption keys, and communication channels.

While Lockbit may have returned, this event highlights an often overlooked aspect of cybercrime: cybercriminals themselves are vulnerable. Just like any other organization, they rely on software, and open-source software in particular, which can harbor vulnerabilities. This event serves as a stark reminder that everyone, even seasoned cybercriminals, needs to prioritize good security hygiene and stay updated on potential weaknesses in the software they use.

This segment was created for the It’s 5:05 podcast