{
	"id": "2d5b909b-f1b8-40f4-99b6-92919ef9975d",
	"created_at": "2026-04-06T00:21:10.104604Z",
	"updated_at": "2026-04-10T03:29:40.024734Z",
	"deleted_at": null,
	"sha1_hash": "7d606766a7d427e7ca598e4f506d2d7da4a6e554",
	"title": "Exclusive: After LockBit’s takedown, its purported leader vows to hack on",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 315369,
	"plain_text": "Exclusive: After LockBit’s takedown, its purported leader vows to\r\nhack on\r\nBy Dina Temple-Raston\r\nPublished: 2024-03-15 · Archived: 2026-04-05 23:13:37 UTC\r\nThis week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware\r\ngroup — he goes by the name LockBitSupp. He’s under pressure because last month an international police\r\noperation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts\r\nand source code, ending a four-year ransomware rampage.\r\n“As of today, LockBit is effectively redundant,” Graeme Biggar, the director general of the UK’s National Crime\r\nAgency, told reporters when he announced the operation on February 19.\r\nOfficials had “hacked the hackers,” he said, adding that the fiercest ransomware gang was now “fundamentally\r\ndisrupted.”\r\nLockBit has been linked to thousands of attacks in recent years, including ones on hospital systems and critical\r\ninfrastructure. In 2022, the group attacked Canada's largest pediatric health center shortly before Christmas,\r\ncausing diagnostic and treatment delays. A September attack against two New York hospitals forced them to divert\r\nambulances and reschedule most appointments.\r\nSo far, several people alleged to be linked to the LockBit gang have been arrested in Ukraine and Poland with\r\nmore arrests expected. LockBitSupp, who law enforcement officials and cybersecurity experts believe is Russian,\r\nmay be shielded from arrest if he indeed resides there. There are conflicting reports about whether he does. \r\nThe conversation, conducted over an encrypted messaging app and translated from Russian, has been edited for\r\nclarity and length. 
An audio version of the story with more highlights can be found on Click Here’s Friday feature:\r\nMic Drop.\r\nhttps://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on\r\nPage 1 of 6\n\nILLUSTRATION BY MEGAN J. GOFF\r\nCLICK HERE: How did you find out about the takeover of the LockBit website and infrastructure?\r\nLOCKBITSUPP: I realized this when the site stopped working, and I couldn’t log into the server. I released a\r\ndetailed explanation of what happened. \r\nCH: What was the first thought when it dawned on you that law enforcement was in your systems?\r\nLS: The first thought that came to my mind was that my worst fears had come true. I knew that sooner or later the\r\nFBI would hack me and now they had. Initially, I felt fear and panic, but once I figured out how they did it, I\r\nstarted to calm down and began to work on restoring infrastructure.\r\nCH: Is it true that law enforcement had access to your tools, dashboards and even future versions of the\r\nLockBit ransomware?\r\nLS: That's true, but it doesn't affect business in any way. I take this as additional advertising and an opportunity to\r\nshow everyone the strength of my character. I cannot be intimidated. What doesn't kill you makes you stronger.\r\nCH: Were you surprised by the way law enforcement got into your systems? Did you find it more\r\nsophisticated than what they’ve done in the past?\r\nLS: I was very surprised. Over the years my vigilance has relaxed. I got lazy. Now I ask that the FBI hack me\r\nmore often [so that can’t happen again].\r\nCH: Law enforcement took over the LockBit platform, seized your hacking tools, froze accounts … it is a\r\nlittle bit like what you do when you launch a ransomware attack. Did you feel like one of your victims?\r\nLS: I felt like I was being hunted, like they were trying to destroy me. This is different from what we do because\r\nthey were not giving me a chance to recover. Our business is very different from this. 
We do post-payment\r\npenetration testing, and we return the systems to their original state after paying the ransom. They were trying to\r\ninflict maximum reputational damage to make me stop working. But [it has had the opposite effect] the FBI just\r\nmotivated me to work harder. They can't stop me.\r\nCH: You say you do penetration testing after payment to return systems to their original state, but some\r\ndata you were supposed to destroy after payment was apparently found on your platform. Tell us about\r\nthat.\r\nLS: This is a bluff and not true, the FBI is trying to tarnish my reputation because they cannot catch me, they hope\r\nthat if my reputation is destroyed I will stop working. If the FBI could provide at least one piece of evidence, it\r\nwould be good. [Click Here reached out to the FBI for a response and did not receive one by press time].\r\nCH: How are your partners, the people you work with, responding? Do you think you need to rebuild their\r\ntrust in you?\r\nLS: Partners, proven over the years, have joined me and continue to work. I don’t need to restore their trust\r\nbecause there is no reason not to trust me.\r\nCH: You’ve said that the raid on LockBit happened because you got lazy. Did you apologize to your\r\naffiliates for that?\r\nLS: The best apology to our partners is to continue working and improve security. If the FBI couldn't scare me,\r\nmy partners will respect me for standing up to them. Have you ever seen an affiliate program continue to work\r\nafter the FBI hacked?\r\nCH: So everyone has said they still want to work with you?\r\nLS: Some partners got scared, probably those who laundered cryptocurrency poorly. Most partners continue to\r\nwork though.\r\nCH: Is there any other ransomware group that worries you? 
Do you see them trying to take advantage of\r\nand undermine your position as a leading ransomware group?\r\nLS: Yes, I see that my opponents are trying to take advantage of the situation, but they will not succeed because I\r\nam too strong for my opponents. Previously, the only worthy competitor as I saw it was AlphV/BlackCat. But now\r\nthey are gone, and so now I don’t see a single worthy competitor.\r\nCH: How do you think this police action will affect business?\r\nLS: In the short term, profits will decrease. In the long term, I will prove that not even the FBI can stop me. The\r\nstronger I stand on my feet, the more my partners will know this is true and trust me. No one ever stood on their\r\nfeet after the FBI attack.\r\nCH: Not long after the takedown you put up a barebones LockBit leak site… there were five companies on\r\nit. But didn’t you launch attacks against them before the platform was seized by police? These are old\r\nvictims, not new ones.\r\nLS: I am publishing the remaining information to show that the FBI was not able to completely destroy my\r\ninfrastructure, so that in the future, companies that are attacked by us will know that it is better to pay than to be\r\npublished on our sites forever. Look, the FBI is not omnipotent; they just found a weak spot and struck. The battle\r\nwas lost, but the war hasn’t been. I will continue to work as long as my heart beats.\r\nCH: So a year from now, five years from now… where is LockBit?\r\nLS: I plan to continue working until my death. I don’t have a goal for a year or for five years. My only goal in life\r\nis to attack one million companies around the world and go down in human history as the most destructive\r\naffiliate program. 
Once I reach one million businesses on my blog, I will retire forever.\r\nCH: One other thing, why do you use cat emojis in your LockBitSupp messages?\r\nLS: All people love cats.\r\nCH: Maybe. I’m just wondering when law enforcement put a cat emoji on a public message to you, what\r\ndid you think? Did it make you mad?\r\nLS: It's cute. The FBI can't make me angry, they only teach me and make me stronger. I love the FBI — without\r\nthe FBI my life wouldn't be as fun, and they're just doing their job. So, how can they make me angry?\r\nDina Temple-Raston\r\nis the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future\r\nNews. She previously served on NPR’s Investigations team focusing on breaking news stories and national\r\nsecurity, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were\r\nYou Thinking.”\r\nSean Powers\r\nis a Senior Supervising Producer for the Click Here podcast. He came to the Recorded Future News from the\r\nScripps Washington Bureau, where he was the lead producer of \"Verified,\" an investigative podcast. Previously, he\r\nwas in charge of podcasting at Georgia Public Broadcasting in Atlanta, where he helped launch and produced\r\nabout a dozen shows.\r\nSource: https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on"
	],
	"report_names": [
		"after-lockbit-takedown-its-purported-leader-vows-to-hack-on"
	],
	"threat_actors": [
		{
			"id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5",
			"created_at": "2022-10-25T16:07:23.797925Z",
			"updated_at": "2026-04-10T02:00:04.752608Z",
			"deleted_at": null,
			"main_name": "LockBit Gang",
			"aliases": [
				"Bitwise Spider",
				"Operation Cronos"
			],
			"source_name": "ETDA:LockBit Gang",
			"tools": [
				"3AM",
				"ABCD Ransomware",
				"CrackMapExec",
				"EmPyre",
				"EmpireProject",
				"LockBit",
				"LockBit Black",
				"Mimikatz",
				"PowerShell Empire",
				"PsExec",
				"Syrphid"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434870,
	"ts_updated_at": 1775791780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7d606766a7d427e7ca598e4f506d2d7da4a6e554.pdf",
		"text": "https://archive.orkl.eu/7d606766a7d427e7ca598e4f506d2d7da4a6e554.txt",
		"img": "https://archive.orkl.eu/7d606766a7d427e7ca598e4f506d2d7da4a6e554.jpg"
	}
}