The story around the LockBit ransomware takedown on February 19 continues to unfold. After almost a week of downtime and silence, the infamous gang is back online on a new Onion domain, boasting new hacks. To top it all off, LockBitSupp released a lengthy statement about what happened and what’s next.
LockBit Ransomware is Back After Law Enforcement Takedown
Following the takedown of all the Darknet sites belonging to LockBit ransomware, the gang’s representatives were mostly silent until February 24, 2024. At around 21:00 GMT, the chief of the cybercrime gang released a long PGP-signed message explaining events from the hackers’ point of view. In it, they describe how they were supposedly hacked and what the future of LockBit holds. Spoiler – not a lot will change, except that LockBitSupp promises to be less lazy.
As for how the law enforcement agencies managed to access the servers, a PHP vulnerability is named: CVE-2023-3824, discovered back in August 2023, allows remote code execution and received a CVSS rating of 9.8/10. Well deserved, considering how widely PHP is used; LockBitSupp even supposes that other threat actors hacked recently fell victim to this exact vulnerability.
The hacker also supposes that the FBI could have had access to the network for quite some time. The reason law enforcement decided to pull the trigger is the publication of data leaked from Fulton County court, specifically documents regarding Donald Trump’s court cases.
Why did it take 4 days to recover? Because I had to edit the source code for the latest version of PHP, as there was incompatibility.
– LockBitSupp
LockBit Takedown Aftermath
So, what do we see almost a week after the takedown of LockBit? Law enforcement agencies dealt quite a bit of damage to both the group’s image and its infrastructure. The amount of leaked information, including decryption keys and data stolen from companies’ networks, seriously cuts into the ransomware gang’s profits. And considering the arrests in Poland and Ukraine, the leaks were not only about operational information – personal data of malware operators was also exposed to some extent.
However, this was barely enough to force the LockBit gang to stop. Sure, they are now starting from scratch, with only a few listings present on their reborn leak page. But they will carry on, taking past mistakes into account. The individuals captured in Eastern Europe are unlikely to be affiliates – more probably just server administrators or money mules. LockBit’s story keeps rolling, and I’m pretty sure they have a couple of aces up their sleeves.