The FBI Offers $10M Reward For Info on LockBit's Gang Leaders
LE took the Keys & Unplugged Them - Now they want to ID them & Extradite them Back to the U.S.

After Dismantling LockBit's Infrastructure & Seizing Control of Their Servers & Domains
The NCA has mocked cybercriminals, posting a message in the hijacked LockBit panel informing affiliates that law enforcement may be in touch with them very soon. On the LockBit leak site, the NCA now displays a list of nearly 200 usernames allegedly associated with LockBit affiliates.

Affiliates receive from the ransomware operators the malware and infrastructure needed to carry out attacks, and they get an agreed-upon percentage of the ransom.

More than 14,000 accounts on services such as Mega, Protonmail and Tutanota, which have been used for infrastructure and data exfiltration, have been shut down.

Another page on the LockBit leak site suggests that authorities will soon reveal the identity of LockBitSupp, the leader of the ransomware operation.

The Department of State announced rewards totaling up to $15 million for information leading to the arrest and/or conviction of individuals participating in LockBit ransomware attacks. Specifically, up to $10 million is offered for information on LockBit leaders and up to $5 million for information on affiliates. securityweek.com


Reported Feb 21, 2024 on the D&D Daily

FBI Takes Down #1 Rasomware Gang - The 'Lockbit' Gang
DOJ: U.S. And U.K. Disrupt Lockbit Ransomware Variant

U.S. Indictments Charge Two Russian Nationals with Attacks Against Multiple U.S. and International Victims; FBI Seizes Infrastructure; and Department of Treasury Takes Additional Action Against LockBit

SAN FRANCISCO – The Department of Justice joined the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world that has targeted over 2,000 victims, received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.

The U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Justice Department, Federal Bureau of Investigation (FBI), and other international law enforcement partners disrupted LockBit’s operations by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. As of today, five LockBit members have now been charged for their participation in the LockBit conspiracy.

“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” said Attorney General Merrick B. Garland. “And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data.

The Justice Department also unsealed an indictment obtained in the District of New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims throughout the United States, including businesses nationwide.

Finally, the Department also unsealed two search warrants issued in the District of New Jersey that authorized the FBI to disrupt multiple U.S.-based servers used by LockBit members in connection with the LockBit disruption. As disclosed by those search warrants, those servers were used by LockBit administrators to host the so-called “StealBit” platform, a criminal tool used by LockBit members to organize and transfer victim data. '

Additionally, the NCA, in cooperation with the FBI and international law enforcement partners, has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Beginning today, victims targeted by this malware are encouraged to contact the FBI at https://lockbitvictims.ic3.gov/ to enable law enforcement to determine whether affected systems can be successfully decrypted. justice.gov

Watch the Attorney General’s remarks at www.youtube.com/watch?v=-jKykhKKMZw.


FBI's Core Cyber Strategy: "Playing the Long Game & Taking Players Off the Field"

Ukrainian Ring Leader of Two Malware Gangs & Topped FBI's Cyber Most Wanted List For 10Yrs.+ Pleads Guilty
DOJ: Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses
Vyacheslav Igorevich Penchukov pleaded guilty on February 15, 2024, in federal court in Lincoln, Nebraska for his role in two separate and wide-ranging malware schemes involving tens of millions of dollars in losses.

Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Vyacheslav Igorevich Penchukov, 37, of Donetsk, helped lead a wide-ranging racketeering enterprise and conspiracy that infected thousands of business computers with malicious software known as “Zeus” beginning in May 2009. After installing “Zeus” without authorization on victims’ computers, the enterprise then used the malicious software to capture bank account information, passwords, personal identification numbers, and similar information necessary to log into online banking accounts. Penchukov and his co-conspirators then falsely represented to banks that they were employees of the victims and authorized to make transfers of funds from the victims’ bank accounts, causing the banks to make unauthorized transfers of funds from the victims’ accounts, resulting in millions of dollars in losses to the victims. The enterprise used residents of the United States and elsewhere as “money mules” to receive wired funds from victims’ bank accounts into their own bank accounts, who then withdrew and wired funds overseas to accounts controlled by Penchukov’s co-conspirators.

Penchukov also helped lead a conspiracy that infected victim computers with IcedID or Bokbot, a new malware, from at least November 2018 through February 2021.

Penchukov was arrested in Switzerland in 2022 and extradited to the United States in 2023. He now faces 20 years in prison for each count he plead guilty to.

“Core to the FBI’s cyber strategy is our willingness to play the long game and take players off the field. Vyacheslav Penchukov was a prolific criminal for over a decade and his criminal activities caused millions in damages,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. justice.gov

Editor's Note: Our sources indicated that Penchukov, who rarely leaves his home town, was kidnapped by the FBI while on vacation with his family having dinner at a fine restaurant. it's been reported that most of these prolific hackers never leave their non-extradition home towns for just this reason. -Gus Downing


2021 FBI Takedown of Illegal Marketplace Leads to 'Prolific Vendor' Guilty Plea
DOJ: Russian Citizen Pleads Guilty to Selling Stolen Financial Information on Criminal Internet Marketplace, Slilpp
WASHINGTON – Georgy Kavzharadze, 27, pleaded guilty today to being a prolific vendor of stolen financial information, login credentials, and other personally identifying information (PII) on a criminal internet marketplace called Slilpp.

Between July 2016 and May 2021, Kavzharadze, using the name “TeRorPP,” listed for sale over 626,100 stolen login credentials on Slilpp and sold more than 297,300 of them on the illegal marketplace. Those credentials were subsequently linked to $1.2 million in fraudulent transactions, or attempted transactions.

In June 2021, the FBI, in a coordinated action with international law enforcement partners, disrupted Slilpp by seizing its infrastructure and domain names. The Slilpp database contained a wealth of historical information about Slilpp vendors, customers and transactions, including subscriber and payment information for individual accounts that have been used to buy and sell login credentials over Slilpp. The database accurately reflected known Slilpp transactions and subscriber records, including FBI undercover purchases.

On August 19, 2021, Kavzharadze was charged with conspiracy to commit bank fraud and wire fraud, bank fraud, access device fraud, and aggravated identity theft. He was subsequently extradited to the United States. He had an initial appearance in the U.S. District Court on May 18, 2022. justice.gov
 

Flipping 5,000+ Counterfeits for the Real iPhones at Stores
DOJ: Two Chinese Nationals Convicted of $3M+ Scheme to Defraud Apple Inc. Out of 5,000 iPhones
A federal jury in the District of Columbia convicted two Chinese nationals today for participating in a sophisticated scheme in which they submitted more than 5,000 inauthentic phones to Apple Inc., intending to cause a loss of more than $3 million to Apple.

Along with their co-conspirators, submitted counterfeit iPhones to Apple for repair to get Apple to exchange them with genuine replacement iPhones. Sun and Xue received shipments of inauthentic iPhones from Hong Kong at UPS mailboxes throughout the D.C. Metropolitan area. They then submitted the fake iPhones, with spoofed serial numbers and/or IMEI numbers, to Apple retail stores and Apple Authorized Service Providers. justice.gov


Home Depot's East Coast Thief Getting Deported
DOJ: Brazilian National Sentenced, Faces Deportation in Scheme That Defrauded Home Depot of Nearly $300,000
PROVIDENCE, RI – A former West Hartford, CT, resident who, for more than eight months prior to his arrest and detention nearly two years ago, operated a scheme in several states, from Maine to Rhode Island to Maryland, to steal and return merchandise to Home Depot, amassing and spending nearly $300,000 in store credit, has been sentenced to time served, ordered to pay full restitution, and faces deportation proceedings, announced United States Attorney Zachary A. Cunha.

According to court documents and information presented to the court, on at least 60 occasions spread over approximately eight months from mid-2021 to early 2022, Costa-Mota stole merchandise from the retailer then returned the merchandise for store credit. He amassed – and spent - $297,332 in store credit. He executed the scheme at no less than 40 different store locations. To evade detection, he used fake driver licenses for identification purposes.

Alexandre Henrique Costa-Mota, 27, a Brazilian national, pleaded guilty in U.S. District Court in Rhode Island on November 9, 2023, to charges of wire fraud and conspiracy. He was sentenced today by U.S. District Court Chief Judge John J. McConnell, Jr. to time served, three years of federal supervised release, and to pay restitution to Home Depot in the amount of $297,332. justice.gov


What Security Program Were They Running?
DOJ: Michigan Woman Arrested For Role In Fraud Scheme - Theft Of Over $800k In Luxury & Designer Apparel & Accessories

Brandalene Horn Engaged in a Fraud Scheme to Induce Victim Companies to Send Her Over $800,000 in Luxury and Designer Goods, Which She Then Stole and Sold Online

Charging BRANDALENE HORN with mail fraud, wire fraud, and the interstate transportation of stolen property in connection with a scheme to defraud three victim clothing rental companies by opening hundreds of accounts to rent women’s apparel and accessories, stealing those rented items, and selling them on an e-commerce marketplace.

HORN’s listings for the stolen items on the e-commerce marketplace often used the victim companies’ proprietary photographs and item descriptions that substantially matched the descriptions used by the victim companies.

Although the victim companies attempted to charge HORN for the items she stole, HORN avoided those charges by disputing them with her credit union or canceling the credit and debit cards she had provided to the victim companies. HORN’s fraudulent activity caused the victim companies to flag or close her accounts, but HORN opened new accounts so she could continue stealing and selling luxury and designer goods.

During this period, HORN stole over 1,000 items, valued at over $823,000, from the victim companies and sold over $750,000 worth of stolen items. justice.gov


Heads Up Target Security Officer Stops This Scheme
DOJ: Chinese Nationals Sentenced for Trafficking Counterfeit Gift Cards at Target shoppers across the Midwest
EAST ST. LOUIS, Ill. - Hongying Wang, 53, and Guangwei Gao, 38, pleaded guilty to one felony count of using and trafficking in a counterfeit access device. The pair have been incarcerated since Jan. 21, 2023, and so have served their full prison time.

Wang, Gao, or others working with them retained the access numbers to 6,100 gift cards with intent to place the altered gift cards on the sales racks at Target. Once a gift card was loaded with funds by an unsuspecting patron, the fraudsters would have the codes needed to steal the funds.

In January 2023, a Target security officer observed Wang and Gao placing gift cards onto the racks in the Belleville store for customers to purchase. Upon further review, the gift cards were altered with the codes scratched off and covered by stickers to appear untouched.

In addition to Belleville, the following Target locations were knowingly affected by the scheme: Albuquerque, New Mexico; Norman, Oklahoma; Edmond, Oklahoma; Liberty, Missouri; Independence, Missouri; St. Peters, Missouri; Town and Country, Missouri; and Brentwood, Missouri. justice.gov


Charlotte, NC: Thieves steal 20 guns after driving stolen car into south Charlotte store
An employee at a south Charlotte gun store said someone smashed through the front door and stole nearly two dozen guns. It happened at the Carolina Sporting Arms on South Boulevard. Channel 9′s Evan Donovan learned two people smashed a stolen car into the front doors of the business around 4 a.m. Tuesday, according to an employee. Then they ran in, stole the guns, and ran off. “The alarm company called so we were here pretty quick. And the police were here,” said Mike Simpson. Simpson is the director of training at Carolina Sporting Arms. He described what he saw when he arrived at the store after getting that call. Simpson said typically the front doors have security and a rolling metal door behind them. But they have since been temporarily replaced. After employees did an inventory, they found 20 guns were missing. The police report lists the types of guns and their value: Eighteen pistols, a shotgun, and a rifle. Nearly $14,000 worth of guns are now on the street. Simpson said he’s hoping justice will come swiftly.  wsoctv.com


San Mateo, CA: 3 females arrested for stealing $1,400 worth of clothing from Lululemon
Three females who allegedly stole $1,400 worth of clothing from a Lululemon store were arrested Tuesday night, according to the San Mateo Police Department. The females were discovered concealing items in bags and attempting fraudulent returns by Lululemon security guards, police said. San Mateo PD was contacted by loss prevention and responded in time to position officers outside the store. As the females exited with numerous bags of stolen merchandise, officers detained them without incident. One of the females was discovered to have a $200,000 warrant for theft-related offenses, police said. All three were arrested. They are likely responsible for additional thefts in the North Bay, according to police.  news.yahoo.com


Peachtree City, GA: High-End Perfume Thefts Plague Merchants
Imagine walking into your favorite store, where the aroma of expensive perfumes fills the air, only to find that some of the most coveted bottles have vanished without a trace. This is the reality for several merchants in Peachtree City, where a spree of shoplifting incidents has left shelves emptier and the local police force on high alert. From the theft of luxury fragrances valued at $2,500 to the audacity of carting away unpaid goods, the community finds itself grappling with a wave of retail theft that's anything but fragrant. The Peachtree City Police Department has been on the case, piecing together evidence from a series of thefts that seem to share a common thread: high-end perfumes. Brands like Fendi, Armani, Rue 21, and Gucci have been targeted, with the thieves making off with goods valued at a staggering $2,500 from retailers such as Ulta and Sephora. But the thefts don't stop at fragrances. Local Walmart stores have also reported losses, including an incident where an individual left with a cart full of items without paying, and another involving a couple who partially paid for their merchandise at a self-checkout lane, costing the store $15.  bnnbreaking.com


Clarion County, PA: Two charged with multiple retail thefts from Walmart totaling over $800

Summerfield, FL: 2 women charged self scanner theft on multiple occasions, totaling over $500