Skip to content

LockBit claims to have access to classified FBI data

  • by
  • 3 min read

Illustration: JMiks | Shutterstock

Infamous ransomware gang LockBit has returned to the limelight, this time with a birthday message for the FBI’s newly appointed director, Kash Patel. On its dark web website, the group’s leader, known as LockBitSupp, posted a lengthy message claiming they have access to classified FBI files so sensitive that leaking them to the public could destroy the FBI as a structure.

The files, which are seemingly a collection of over 250 folders in alphabetical order dated May 29, 2024, were meant as a “personal birthday gift” for the FBI director. While now labeled as published, the files were initially only accessible by Patel — password protected and accompanied by a TOX ID for him to get in touch with LockBitSupp.

The message itself is claimed to be written out of concern for US security, with LockBitSupp describing themselves as a “worthy son of the American Fatherland.” They go on to add that the real threat to the US is a “trans-continental pro-state group” that attacks critical infrastructure and steals data for espionage and diversion. No names were mentioned, but the description fits Chinese state-backed hacking groups actively targeting the US.

This is an image of fbi hq j. Edgar hoover building 1

Cybernews reports that the parent file directory LockBitSupp claims contains confidential FBI data and a longer note detailing how the agency compromised LockBit servers in February 2024. The write-up blames LockBitSupp’s “personal negligence and irresponsibility” in not patching a critical PHP vulnerability for the breach, adding that the FBI only accessed about 1,000 of the group’s 40,000 decryptors.

LockBit has survived multiple shutdown attempts by the FBI and other international law enforcement agencies. In October 2024, Europol made four arrests in an operation involving 12 countries, seized nine servers, and imposed sanctions against an actor the British National Crime Agency (NCA) identified as a “prolific affiliate” of LockBit, in addition to making four arrests.

The ransomware group’s site was taken down at the time. Law enforcement left a rather spirited message on the defunct site thanking LockBitSupp for letting them compromise the platform and “discover all this juicy data.” LockBit has hit back multiple times since, with reports of a LockBit clone emerging with macOS attacking capabilities coming shortly after, followed by the group’s leaders teasing a new variant of their notorious ransomware.

In the News: Threat actors exploit viral video clickbait to spread malware

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of dark web hacker security

Malware-laden text editor used to target Uyghur users

This is an image of phishing featured storyblocks

Over 30,000 Australian banking credentials stolen

This is an image of nvidia featured 133133

Nvidia Riva API at risk of DoS attacks and data extraction

This is an image of galaxy s21 fe 3

Galaxy devices can leak passwords via clipboard bug

This is an image of data breach featured cybersecurity 113 e1666861228304

Sensitive information of over 5.5 million patients stolen from Yale Health

This is an image of data breach cyber security 239847238978

Lazarus threat actors breach six South Korean companies

>