Despite efforts to disrupt the ransomware group, LockBit swiftly returned online with a fresh website for data leaks shortly after its servers were seized. LockBit resurfaces after being targeted by US and UK law enforcement.
In a coordinated international effort, the US and UK authorities have taken down LockBit, a notorious cybercrime gang infamous for ransomware attacks.
Resuming Attacks After Lockdown
The LockBit ransomware syndicate has resumed its operations, employing enhanced encryption tools and directing ransom demands to fresh servers following recent law enforcement interventions.
Despite facing disruptions, LockBit swiftly established a new platform for data leaks and issued a detailed statement directed at the FBI, alleging server infiltration through a PHP vulnerability.
Rather than undergoing a complete rebranding, LockBit vowed to come back stronger, emphasizing upgraded infrastructure and fortified security measures aimed at thwarting law enforcement's wide-scale operations and attempts to access decryption tools.
LockBit has resumed its attacks, now using new encryption tools and setting up new platforms for leaking data and negotiations as of yesterday. The ransom notes from LockBit's updated encryption software now include Tor URLs, allowing access to their revamped infrastructure.
Samples of these updated encryption tools were discovered on VirusTotal yesterday and today, along with the revised ransom notes, as confirmed by BleepingComputer.
Furthermore, the negotiation servers for this operation have been reactivated. However, these servers are currently only accessible to victims targeted in the latest attacks.
At the time of LockBit's takedown, around 180 affiliates were working with the group to conduct attacks. It's unclear how many affiliates are still active with the Ransomware-as-a-Service operation.
LockBit has announced that they are actively seeking skilled pentesters to rejoin their operation, indicating the potential for more attacks in the future.
Whether this signals LockBit's intention to rebrand and gradually fade away, similar to Conti, remains uncertain. However, it's prudent to consider LockBit as an ongoing threat for now.
Taking Down LockBit Ransomware Gang
The international law enforcement operation known as "Operation Cronos" was a rare collaboration involving Britain's National Crime Agency, the US Federal Bureau of Investigation (FBI), Europol, and other global police agencies.
In a message posted on LockBit's extortion website, it was announced that the site was now under the control of the UK's National Crime Agency, in coordination with the FBI and the international task force, 'Operation Cronos.'
While law enforcement agencies have confirmed their involvement in disrupting LockBit's activities, they have also emphasized that the operation is ongoing and evolving, indicating a sustained effort to dismantle the criminal network.
LockBit, notorious for its widespread ransomware attacks targeting organizations across various industries, has reportedly breached some of the world's largest organizations in recent months.
US officials have labeled it as one of the most serious ransomware threats globally. It has attacked more than 1,700 US organizations across various sectors like finance, education, transportation, and government agencies.