HT to @brett, apparently LockBit 3.0’s site has been seized by the NCA.

If real, the NCA should note the leaked data, file share and private note servers and portals are still online. #threatintel

LockBit are offline on instant messaging, y'all will be surprised to know.

LockBit still have infrastructure online, which is still counting up in terms of uptime.

It's pretty mind boggling to me that for 4 years 170 days, these guys have been doing horse carriage robbery of schools and hospitals and.. uh... they just did it.

(Also, yes, they have a bug bounty that pays better than most large orgs).

Just to be super clear, 3 different LockBit services are still online:

http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/
http://lockbitfile2tcudkcqqt2ve6btssyvqwlizbpv5vz337lslmhff2uad.onion/
http://lockbitnotexk2vnf2q2zwjefsl3hjsnk4u74vq4chxrqpjclfydk4ad.onion/

The first one is still serving stolen data, so if law enforcement have taken control of the infrastructure they definitely need to shut that one down.

The last (?) listed LockBit 3.0 victim org.

Okay, the NCA did a 10/10 job with the trolling of LockBit here.