vx-underground

08 May 2024 20:34

Yesterday Palo Alto Networks paid a group of people to do this performative dance outside of RSA Conference. However, when Palo Alto uploaded the footage online (featured above) people called it cringe and mocked it relentlessly.

tl;dr we out here

vx-underground

08 May 2024 14:02

We don't understand it, but apparently this is a 10/10 banger Russian meme.

vx-underground

08 May 2024 04:04

May 10th we are going to release something very very interesting we think all of you will enjoy. It'll be funny news on a Friday:)

vx-underground

07 May 2024 18:29

The FBI, NCA UK, and EUROPOL state that when Lockbit ransomware group ransomed SickKids Canada, LockbitSupp failed to deliver a working decryption key to the childrens hospital.

vx-underground

07 May 2024 16:51

Mistranslation: "he'll get fucked for my sins" – implying the wrong person will be arrested.

vx-underground

07 May 2024 16:36

Lockbit ransomware group has made a statement to the FBI. It says: "The FBI is bluffing, I’m not Dimon, I feel sorry for the real Dimon))) oh, and he’ll get pussy for my sins)))"

vx-underground

07 May 2024 16:17

The leader of Lockbit ransomware group had an iCloud email 😭😭😭

vx-underground

07 May 2024 16:04

Today the United States Department of Justice unveiled the leader of Lockbit ransomware group.

vx-underground

07 May 2024 07:29

In roughly 9 hours the United States Department of Justice is scheduled to unveil the identit(ies) of Lockbit ransomware group leadership.

Through extensive research and investigation we have several theories on whom the leader(s) really are.

vx-underground

07 May 2024 02:48

We share information on someone getting hacked, or a cute kitty cat, or a meme, 10000000+ likes and retweets.

We work hard to add data and it's crickets.

vx-underground

07 May 2024 01:24

"Can Java be in the light bulb?", asked like a true degenerate internet nerd

vx-underground

06 May 2024 16:13

Kitty is reviewing Lockbit posts.

vx-underground

06 May 2024 15:05

Today Lockbit ransomware group began listing dozens of ransomed companies. Let's review them!

Posts today that are new or not indexed:
- HtcInc (new and/or not indexed)
- Irc Be (new and/or not indexed)
- GeoTechEnv (new and/or not indexed)
- Svenskakyrkan (new and/or not indexed)
- TDT Aero (new and/or not indexed)
- Kras hr (new and/or not indexed)
- Eviivo (new and/or not indexed)

Websites that don't exist (???):
- Sunray-dot-com (website listed doesn't exist)

Data posted but its repeat data:
- ChuzeFitness (originally posted 2023-12-19)
- FoxSemicon (originally posted 2024-01-19)
- Alfiras (originally posted 2024-02-09)
- Smbw (originally posted 2023-12-26)
- Cms Law (originally posted 2023-12-13)
- Denave (originally posted 2023-12-07)
- SunnyDesigns (originally posted 2023-04-25)
- PTOW (originally posted 2023-04-25)
- Peachtree-Medical (originally posted 2023-04-25)
- AtlanticEye (originally posted 2023-04-25)
- Central-K12-OR-US (originally posted 2024-03-05)

vx-underground

06 May 2024 00:16

An unknown Threat Actor(s) claims to have compromised International Baccalaureate Organization (IBO), a nonprofit foundation headquartered in Geneva, Switzerland.

We have briefly reviewed the data and from a high-level overview this breach looks legitimate and like they've got everything... They've released nearly 100 photos as proof and the proof is damning

vx-underground

05 May 2024 23:35

Today we spoke with Lockbit ransomware group administrative staff regarding the return of the old domain and new messages from FBI, NCA UK, and EURPOL.

Lockbit ransomware group states law enforcement is lying.

Lockbit also said and quote: "I don't understand why they're putting on this little show. They're clearly upset we continue to work."

Lockbit insists they will continue to work and will continue to "bring" new victims.

In roughly 36 hours the FBI, NCA UK, and EUROPOL hint at unveiling the identity of the leader(s) of Lockbit ransomware group and the identities of more ransomware affiliates.

vx-underground

08 May 2024 20:31

me and the boys stretching before we start thrunting in the streets 💯💯💯

vx-underground

08 May 2024 06:35

Yes, we know you nerds want us to enable comments. Give us time. We're very busy.

We'll probably (maybe) do it this weekend.

Love you 😘💕😘💕😍

vx-underground

07 May 2024 20:52

It's been an exciting day today. What have we learned about the leader of Lockbit ransomware group?

1. He's relatively young, 31 years old
2. He likes sushi and Cheesecake Factory
3. He drives a Mercedes
4. He doesn't own a yacht
5. He doesn't live in a mansion
6. He doesn't live in New York City
7. He was into gardening (???)
8. He owns some nice suits
9. He has a lot of money, but has a hard time laundering it
10. He has a couple businesses that look semi successful
11. He lives in a regular apartment
12. He plays pool
13. He's a big fan of Apple products
14. He spoke with the FBI online (???)

vx-underground

07 May 2024 17:15

Some of LockbitSupp a/k/a Dmitry Khoroshev's data and PII was exposed as a result of a Yandex data breach.

It exposes his address and food order history. It shows him ordering Cheesecake Factory semi-frequently.

Information via Info_IntelX

vx-underground

07 May 2024 16:48

https://www.youtube.com/watch?v=yCzoc4oGRjY

vx-underground

07 May 2024 16:26

The United States Department of Justice has unsealed the indictment against Dmitry Khoroshev a/k/a LockbitSupp.

We have downloaded and archived it. You can check it out here as "lockbit_indictment.pdf"

https://vx-underground.org/tmp

vx-underground

07 May 2024 16:11

Today the United States Department of Treasury announced sanctions against Dmitry Yuryevich Khoroshev a/k/a LockbitSupp, the individual believed to be the leader behind Lockbit ransomware group

https://home.treasury.gov/news/press-releases/jy2326

vx-underground

07 May 2024 07:35

Today we learned that the United States Justice for Rewards program, ran by the U.S. Department of State, follows us on Twitter.

We retract every meme we've made about the U.S. government. Please don't send us to Guantanamo Bay.

We are also sorry you have to see our shit posts

vx-underground

07 May 2024 03:48

CrowdStrike has made a badass ... statue? Doll? For Scattered Spider at RSA conference.

Thank you ddd1ms for the photo. You knew we'd love to see some shrines

vx-underground

07 May 2024 02:42

Hello, we have a large update.

We've updated the vx-underground malware samples collection:
- Bazaar.2024.04
- Virussign.2024.04.28
- Virussign.2024.04.29
- Virussign.2024.04.30
- Virussign.2024.05.01
- Virussign.2024.05.02
- Virussign.2024.05.03
- Virussign.2024.05.04
- Android.Mobtes
* Tomorrow 39 new APT papers and/or samples will be added for the month of April, 2024

Paper updates:
- The Old New Thing – April, 2024
* Tomorrow 200+ malware reverse engineering or detection papers will be added for the month of April, 2024

vx-underground

06 May 2024 16:14

Kitty isn't impressed by Lockbit

vx-underground

06 May 2024 15:17

Mildly interesting note: Lockbit ransomware group keeps posting ransomed companies. 75% we've seen before. However, the recent listing of 'Yucatan' was initially ransomed by ALPHV on 2023-04-13

(unless it's a different Yucatan)

vx-underground

06 May 2024 01:57

Hello, how are you?

We are returning to our scheduled day of rest.

PLEASE – no one else do anything crazy. It's been an abnormally crazy Sunday. Everyone put their metaphorical internet cyber guns down and relax.

Have a nice day and/or evening.

vx-underground

05 May 2024 23:41

Will law enforcement actually unveil the leadership behind Lockbit ransomware group?

Will law enforcement indict more ransomware operators?

What has law enforcement secretly been doing?

What will the press release say?

Find out on the next episode of Dragon Ball Z

vx-underground

05 May 2024 23:11

FBI and NCA UK right now after seizing Lockbit ransomware groups website for a 2nd time 😭😭