LockBit Ransomware Group Emerges Again Following Law Enforcement Action
The notorious LockBit ransomware group is back in action after a recent international crackdown. If you recall, LockBit’s operations were severely disrupted by a coordinated international law enforcement effort. Authorities seized servers, cryptocurrency, and decryption keys, and many members were arrested and indicted.
However, those efforts did not stop them for good, LockBit claims they are back in business! They claimed to have restored their servers. Their dark web site, where they leak data stolen from victims, was hacked by law enforcement using a vulnerability in the PHP programming language. However, any services without PHP remain functional and continues to leak data from attacked companies.
The threat actors have resurfaced on the dark web but have moved its data leak portal to a new. onion address on the TOR network, and already has twelve new victims. LockBit’s new dark web site has a gallery of victims listed out with a countdown clock marking their deadline to pay the ransom.
The LockBit ransomware group is determined to install fear and make it known they cannot be stopped, by anyone. The leader of LockBit issued a statement that was sent to the FBI, “They want to scare me because they cannot find and eliminate me, I cannot be stopped.” This statement comes on the heels of the US announcing it had charged two Russian nationals with deploying Lockbit ransomware all over the world. Police in Poland and Ukraine made arrests also. Law enforcement is trying hard to discredit LockBit’s standing amongst its affiliates and partner criminal groups.
I am sure we will continue to see LockBit and law enforcement battle, let us hope the good guys win in the end. In the meantime, it is important to take all the necessary steps in your business to protect against LockBit and all the other cybercriminal and ransomware groups that are looking to take down businesses all over the world with their illegal activity.
Read More: