LockBit ransomware group back online after international police disruption

/in


Russian-based ransomware gang, Lockbit, said it has restored its servers and is back online following an international police operation last week that took it offline.

LockBit said law enforcement breached their dark website by exploiting a PHP programming language vulnerability, commonly used for building websites and online applications.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement posted on LockBit’s dark website, as reported by Reuters.

A spokesperson for the UK’s National Crime Agency (NCA), who led the international operation against LockBit, said the group remains ‘completely compromised’.

The NCA added the Agency recognised LockBit would likely attempt to regroup and rebuild its systems to facilitate their return online.

“However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues,” said the NCA.

The Russia-based group’s new site advertised a small number of alleged victims and leaked data. The new site showcased a gallery of company names alongside a countdown clock indicating the ransom payment deadline.

LockBit’s alleged leader, LockBitSupp, announced the ransomware group’s intensified focus on targeting government agencies following the takedown operation. Recently, reports have surfaced that LockBit has attacked Ernest Health, a network of 36 rehabilitation and critical care recovery hospitals spanning 13 US states.

“LockBit is back to attacking hospitals, Ernest Health allegedly breached,” said Dominic Alvieri on X (formerly Twitter).

Businesses Urged to Remain Vigilant

Vice President of Threat Research and Intelligence at BlackBerry Cybersecurity, Ismael Valenzuela, said the takedown of LockBit represented a positive step forward in curbing ransomware. However, the relaunch of its servers has ‘made it clear that victories are likely to be short-lived’. 

“Ultimately, LockBit’s absence will only create a vacuum for others to fill, particularly those who are already active yet largely unidentified,” said Valenzuela.

Valenzuela…

Source…