Lockbit Ransomware Gang Returns After International Takedown, Arrests

/in


The Lockbit ransomware group is reportedly back online with new servers.

In a lengthy letter posted online this weekend, Lockbit claims that the international group of government agencies that infiltrated it only obtained decryption keys for 2.5% of the attacks the ransomware group has carried out since its inception.

Last week, the US Department of Justice, FBI, the UK National Crime Agency (NCA), Europol, and others announced their joint infiltration of Lockbit’s servers. The US charged two Russian nationals allegedly connected to the ransomware group, and Ukrainian authorities arrested a father-son duo believed to be Lockbit members. At the time, Lockbit administrators said that while their servers that use PHP were infiltrated, their backup servers were “untouched.”

The UK’s NCA has repeatedly asserted that Lockbit is fully compromised in statements provided to PCMag. “The NCA, working with international partners, successfully infiltrated and took control of Lockbit’s systems, and was able to compromise their entire criminal operation,” an agency spokesperson told PCMag via email Monday. “Their systems have now been destroyed by the NCA, and it is our assessment that Lockbit remains completely compromised.”

“We recognized Lockbit would likely attempt to regroup and rebuild their systems,” the NCA continued. “However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

In the letter from a purported Lockbit administrator shared by malware data collector VXUnderground, the admin claims that Lockbit members became “lazy” after they stole enough money to let them live a luxurious lifestyle “on a yacht with titsy [sic] girls.”

The admin then implies that they are a US voter and says Lockbit’s new servers are running a new version of PHP, promising that anyone who reports any critical vulnerabilities for Lockbit’s new systems “will be rewarded.” Their lengthy letter makes a number of other allegations and contradictory statements, including some regarding the FBI’s supposed motives.

The admin admits, however, that even a PHP update “will not be enough” to stop the FBI and other agencies from…

Source…