Russian-based LockBit ransomware hackers attempt a comeback | Cybercrime

/in


The LockBit ransomware gang is attempting a comeback days after its operations were severely disrupted by a coordinated international crackdown.

The Russian-based group has set up a new site on the dark web to advertise a small number of alleged victims and leak stolen data, as well as releasing a rambling statement explaining how it had been hobbled by the UK’s National Crime Agency, the FBI, Europol and other police agencies in operation last week.

The group said law enforcement had hacked its former darkweb site using a vulnerability in the PHP programming language, which is widely used to build websites.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement, which was published in English and Russian.

The statement also referred to “my personal negligence and irresponsibility”, declared an intention to vote for Donald Trump in the US presidential election and offered a job to whoever hacked LockBit’s main site.

LockbitSupp, the group’s administrator and presumed author of the statement, does not live in the US, according to law enforcement. The agencies involved in the LockBit operation have also added that “LockbitSupp has engaged with law enforcement”.

In a statement, the NCA said LockBit remains “completely compromised”. A spokesperson said: “We recognised LockBit would likely attempt to regroup and rebuild their systems. However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

The US this month charged two Russian nationals with deploying Lockbit ransomware against companies and groups around the world. Police in Poland made an arrest, and in Ukraine police arrested a father and son they said carried out attacks using Lockbit’s malicious software.

The message on the new LockBit site also threatened to attack US government sites more often. Its revamped website, launched on Saturday, showed a number of purported hacking victims.

Rafe Pilling, director of threat research at the cybersecurity firm Secureworks, said the statement and website showed…

Source…