Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation

Presented at DEF CON 32 (2024), Aug. 9, 2024, 10 a.m. (45 minutes).

Delve into the clandestine world of the LockBit ransomware gang! In this revealing presentation, I will recount my two-year journey spent infiltrating the inner ranks of the LockBit crime syndicate. Learn about the strategies employed to earn the trust of key individuals within the syndicate, including the gang's leader, LockBitSupp. You will see firsthand accounts of these exchanges, and I will detail the intricacies of my relationship with LockBit's leadership and its network of affiliate hackers. You will also gain insight into the unintended consequences of my actions, including how my perceived breach of their infrastructure impacted the syndicate's operations. More importantly, I will share how I assisted in unmasking the real-world person behind the mask of LockBitSupp. Join me as I illustrate the pivotal role of human intelligence in tandem with cyber threat intelligence to combat ransomware threats. This talk offers a compelling narrative of real-world efforts to thwart ransomware activities and safeguard organizations from LockBit ransomware attacks. - 60 min (full episode): 4/14/2024: Scattered Spider; Knife; Tasmanian Tiger - CBS News - 60 Min Overtime (additional footage from my interview about LockBit): Infiltrating ransomware gangs on the dark web - CBS News - Ransomware Diaries - Ransomware Diaries: Volume 1 | Analyst1 - Ransomware Diaries V. 2: A Ransomware Hacker Origin Story (analyst1.com) - Ransomware Diaries V. 3: LockBit's Secrets (analyst1.com) - Ransomware Diaries Volume 5: Unmasking LockBit (analyst1.com)

Presenters:

• Jon DiMaggio - Chief Security Strategist at Analyst1
  Jon DiMaggio is the chief security strategist at Analyst1 and has over 16 years of experience hunting, researching, and writing about advanced cyber threats. In 2022, Jon's authored his first book, "The Art of Cyberwarfare," which earned him the prestigious SANS Difference Makers Award, solidifying his status as a thought leader in the industry. The following year, SANs recognized his work once again, awarding his most notable research, "The Ransomware Diaries," detailing his operation to infiltrate the real-world humans behind the LockBit criminal operation. Jon’s other notable achievements include his appearance on 60 Minutes, where he discussed his undercover operations infiltrating some of the world top ransomware gangs. Jon’s research has been featured in The New York Times, Wired, Bloomberg, Fox, CNN, Reuters, and other news organizations.

Similar Presentations:

• Black Hat USA 2015 / Most Ransomware Isn't as Complex as You Might Think
• NolaCon 2017 / The Devil's Bargain: Emerging Trends in the Ransomware Ecosystem
• RVAsec 2021 / What’s Next In The Fight Against Ransomware