The notorious ransomware group LockBit has re-emerged on the dark web, signaling a swift comeback less than a week after a significant disruption by international law enforcement agencies.
This resurgence underscores the persistent and adaptable nature of cybercriminal organizations in the face of legal pressures and cybersecurity efforts.
Law Enforcement’s Ongoing Battle
Despite the recent arrest of three men linked to LockBit activities, the primary administrator known as LockBitSupp remains at large.
The U.S. State Department has offered rewards of up to $15 million for information leading to the identification or arrest of the group’s members, highlighting the high stakes in dismantling such networks.
LockBit’s comeback is marked by listing more than two dozen servers containing victim data and using a new blog to communicate with their affiliates and victims.
Lockbit admin released a statement saying that penetration occurred through a PHP flaw, and now the PHP version has been updated.
Lockbit has restored its servers (new Tor domains) and is planning on making a statement to the FBI regarding last week’s takedown.
Season 2 of FBI vs Lockbit ransomware group is scheduled to premier in roughly 1 hour.Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last weeks takedown.Stay tuned for the next episode of Dragon Ball Z pic.twitter.com/B03w7Y43e2
— vx-underground (@vxunderground) February 24, 2024
The group has also been exploiting the CitrixBleed vulnerability, which affects Citrix load balancing and networking equipment, to gain access to networks and deploy ransomware.
This tactic demonstrates LockBit’s ability to adapt and exploit new vulnerabilities in enterprise systems.
The Challenge Of Cybersecurity
The LockBit incident highlights the complex obstacles that law enforcement and cybersecurity experts encounter in their endeavors.
The group’s ability to quickly restore operations from backup servers and establish a new dark web presence after their site’s takedown by the FBI and international partners shows the resilience of such criminal enterprises.
The LockBit group’s rapid recovery from a coordinated international crackdown raises concerns about the effectiveness of law enforcement actions against ransomware operations.
As per the reports published by WithSecure, it has been found that the Lockbit gang is accountable for around 21% of all the ransomware attacks that took place in the year 2023.
The takedown of Lockbit tor sites by law enforcement is a big deal. Our data shows that Lockbit was the biggest ransomware group, behind 21% of all attacks in 2023. Lockbit has attacked thousands of organizations over the last 5 years, and collected a fortune in ransom payments. pic.twitter.com/pQvJtRTV3x
— @mikko (@mikko) February 20, 2024
Today, Lockbit claims that they have compromised Prattindustries.
LockBit 3.0 strikes again, breaching the data of Pratt Industries, America's 5th largest corrugated packaging company.#LockBit #DataBreach #Darkweb #Ransomware #Databreach #CybersecurityNews #DataSecurity pic.twitter.com/Q6Jz1od3bp
— deepweb.net (@deepwebdotnet) February 27, 2024
