vx-underground

20 Jul 2024 15:05

We've seen a lot of questions about the CrowdStrike thing.

- No, this wasn't planned by CrowdStrike and Microsoft to force people to Windows 11. This didn't impact home users.

- No, this was not a test run to interfere with the United States election. This was worldwide. CrowdStrike isn't ran by the Biden administration.

- No, this was not a cyber attack. It was bad quality assurance testing on CrowdStrike's end.

- No, this wasn't performed to censor people on social media. This did not impact social media.

- No, this was not a result of DEI. We don't even understand how DEI is even remotely related to this, so if you think this is related to DEI you've probably got a concussion and need medical treatment.

- No, Elon Musk did not remove CrowdStrike from his computer before this happened. We have no idea what security product Elon Musk's companies use.

vx-underground

20 Jul 2024 00:54

One of the nerds who popped MGM (a member of Scattered Spider) was arrested in the UK. He was 17.

We posted about it, shared the link, but everyone is still pissing on CrowdStrike so we'll talk about it on Monday or something.

vx-underground

19 Jul 2024 20:40

> get phone call
> answer phone
> "hey have you heard about a cyber security company called CrowdStrike?'
> "nope, never heard of her"
> hang up

Don't explain this to non-nerds. They won't understand it and they'll get scared.

vx-underground

19 Jul 2024 17:51

tfw your company doesn't use CrowdStrike

vx-underground

19 Jul 2024 17:11

Leaked footage of CrowdStrike's legal department this morning

vx-underground

19 Jul 2024 16:43

In all seriousness, we offer our most sincere condolences to our friends and colleagues who work at CrowdStrike.

We're sorry we're memeing so hard — but the situation is so unbelievably bad it's borderline satire.

vx-underground

19 Jul 2024 16:04

The office printer seeing the IT Team trying to print thousands of BitLocker keys

vx-underground

19 Jul 2024 15:26

We apologize to the many people who follow us online.

Instead of doing our regular malware sample family updates and pushing new papers, we're going to meme this CrowdStrike thing until we develop arthritis.

vx-underground

19 Jul 2024 15:11

CrowdStrike cooked SkyNews. They're trying to do the news with no computers.

vx-underground

19 Jul 2024 14:47

How to fix the Crowdstrike thing:

1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge

vx-underground

19 Jul 2024 13:52

CrowdStrike has performed the largest ransomware attack in history.

Accidentally.

vx-underground

19 Jul 2024 13:37

Today CrowdStrike pushed out a botched update.

It has resulted in outages in Banks, Airlines, Emergency hotlines, ???

It's 6am on a Friday and CrowdStrike cooked the internet

vx-underground

19 Jul 2024 05:02

Blah blah blah, helping criminals, blah blah blah. But seriously, Babuk causes EVERYONE problems. It is a colossal piece of shit.

vx-underground

19 Jul 2024 01:16

We see some nerds getting super hostile to women in tech — especially if they're conventionally attractive and/or have a high number of followers on social media

If you're feeling upset: scream at your Mom, heat up some pizza rolls, and put on some anime

It's going to be okay.

vx-underground

18 Jul 2024 17:28

The real Lockbit ransomware group Telegram channel and their first fancy little message. Interesting times we live in, seeing them pivot to Telegram.

vx-underground

20 Jul 2024 04:40

We're coming across more and more Threat Actors who are children – some as young as 14 years old.

vx-underground

19 Jul 2024 23:15

Just saw KitKat bars and Duolingo making BSOD jokes.

Wtf CrowdStrike you've ruined everything and it's only getting worse

vx-underground

19 Jul 2024 18:03

CrowdStike PR trying to apologize to enraged IT nerds

vx-underground

19 Jul 2024 17:36

"We need you to come info the office and help us find all the BitLocker keys"

vx-underground

19 Jul 2024 16:53

We thought like, maybe a big ransomware incident, or a data leak.

We didn't expect arguably one of the largest IT outages in history caused by arguably one of the largest cybersecurity companies in history.

¯\_(ツ)_/¯

vx-underground

19 Jul 2024 16:05

The IT team when they realize they're out of ink and need to handwrite them

vx-underground

19 Jul 2024 15:36

Stock exchange opened. It appears CrowdStrike share holders are relatively concerned.

vx-underground

19 Jul 2024 15:13

CrowdStrike cooked airports in India. They're issuing handwritten boarding passes

vx-underground

19 Jul 2024 15:09

CrowdStrike cooked the Los Angeles International Airport

Even non-nerds freaking out – they think it's some massive 1337 hack (it's just bad coding).

vx-underground

19 Jul 2024 14:42

Threat Actors today wondering where the hell all their compromised hosts went

vx-underground

19 Jul 2024 13:45

As we continue to do our daily news check up, we can confirm that CrowdStrike has performed a colossal oopsie and has done catastrophic damage.

We have never witnessed an oopsie of this magnitude

vx-underground

19 Jul 2024 05:28

wHy dOnT u uSe Ur larGe sOcIAl mEdIa pResCencE 2 dIsCUss pOliTicS

1. Everyone discusses politics. This is a shitpost, malware, and chill zone.

2. We are (mostly) United States based and the current political landscape closely resembles a SouthPark skit

Example:

vx-underground

19 Jul 2024 05:00

This post is going to be controversial. But we believe it is necessary. Threat Intelligence nerds, Blue Team nerds, and Law Enforcement nerds following us on sock accounts – don't have a conniption.

Dear Threat Actor(s) who contact us,

We advise you do NOT use the leaked Babuk builder and source code. Babuk is notorious for failing to decrypt files (especially large files), and corrupting data. If you (or your group) decide to do ransomware ... for the sake of literally everybody involved (you and/or your group, the victim, Threat Intelligence, Digital Forensic & Incident Response firms, Law Enforcement, etc) DO NOT USE BABUK. Don't go anywhere near Babuk. If someone recommends Babuk, slap them around with a large trout.

Thanks,

vx-underground

18 Jul 2024 17:28

You can contact the LockBit boss on the contacts below, waiting for an answer can take some time from 1 minute to several days depending on the workload.
With questions about decryption to write only in a chat on the site, if the person who encrypted your network does not answer you more than two days or you have any other problems, you can contact me.
Please write a single message and state the whole point, do not write just "hello", "here?", "can I ask you a question?" and other similar messages.
PGP KEY, for encryption of some very important messages or files, the private key is in the hands of one person, on an encrypted computer of the main developer and organizer of the affiliate program, without access to the Internet, PGP KEY has never been transferred and will not be transferred to other people.
Please expect an answer, absolutely everyone and always gets an answer, regardless of the question.



=================================
Tox
https://tox.chat/download.html

Tox ID Support
3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D9287582D6FCB



=================================
XMPP

XMPP Clients:
https://pidgin.im
https://adium.im/
https://psi-plus.com/wiki/en:downloads
https://monal-im.org/
https://f-droid.org/packages/eu.siacs.conversations/

XMPP servers:
https://anonym.im/
https://www.jabbim.com/

lockbit@anonym.im
lockbitapt@jabb.im


=================================
Briar
https://briarproject.org

LockBit Briar ID
briar://abv3rrd62jpln5tyk6nbwospngef5ropu7gkrhnsjn5nvqglek3e2



=================================
Forum profile
http://rampjcdlqvgkoz5oywutpo6ggl7g6tvddysustfl6qzhr5osr24xxqqd.onion/members/lockbit.9/



=================================
https://telegram.org/
Telegram (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
@foxwm_apt

Telegram channel (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
/channel/foxwmapt



=================================
https://www.signal.org/
Signal (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
@lockbit20.19



=================================

PGP PUBLIC KEY
http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/pgp.txt

-----BEGIN PGP PUBLIC KEY BLOCK-----

vx-underground

18 Jul 2024 17:26

After nearly two weeks of radio silence from Lockbit ransomware group they've returned with a Telegram account, a Briar account, a Signal account, and an XMPP account

They also immediately threw shade at RansomHub by accusing them of being a rebrand of ALPHV.