According to DiMaggio, the individual behind the LockBit group not only used money for personal gain but also reinvested it in the operation to make it more appealing to criminals. The LockBit malware underwent significant updates and releases over time, with each version becoming more advanced and user-friendly. Research from Trend Micro indicated that a new version was in the works.
In private conversations, DiMaggio described the person using the alias LockBitSupp as “arrogant” and focused on business, with the occasional use of cat stickers. However, on Russian cybercrime forums, LockBitSupp’s persona was more dramatic, resembling a mix of a supervillain and Tony Montana from “Scarface”. This flamboyant display of success and wealth sometimes rubbed people the wrong way.
LockBitSupp’s unconventional tactics included setting a bounty on their own identity, organizing an essay-writing competition, offering a “bug bounty”, and even paying individuals $1,000 to get the LockBit logo tattooed. Despite these efforts, law enforcement eventually uncovered LockBitSupp’s identity, leading to further research by DiMaggio that revealed more personal details about the individual behind the alias.
After being banned from cybercrime forums, LockBitSupp’s presence diminished, with mixed reactions from forum users. Some celebrated the downfall of LockBit, while others questioned its technical decisions and potential collaboration with law enforcement. Despite the setback, LockBitSupp managed to quickly create replica versions of the group’s leak site after Operation Cronos took LockBit offline in February.
Experts noted a decline in LockBit affiliates and victims following law enforcement interventions, indicating a significant impact on the group’s operations. The DOJ indictment reported a decrease in LockBit’s victim count since the takedown, a further sign of the blow to the group’s activities.