Tag Archive for: international

LockBit ransomware group back online after international police disruption


The Russia-based ransomware gang LockBit said it has restored its servers and is back online following an international police operation last week that took it offline.

LockBit said law enforcement breached its dark website by exploiting a vulnerability in PHP, a programming language commonly used for building websites and online applications.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement posted on LockBit’s dark website, as reported by Reuters.

A spokesperson for the UK’s National Crime Agency (NCA), which led the international operation against LockBit, said the group remains ‘completely compromised’.

The NCA added that it recognised LockBit would likely attempt to regroup and rebuild its systems in order to return online.

“However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues,” said the NCA.

The Russia-based group’s new site advertised a small number of alleged victims and leaked data. The new site showcased a gallery of company names alongside a countdown clock indicating the ransom payment deadline.

LockBit’s alleged leader, LockBitSupp, announced the ransomware group’s intensified focus on targeting government agencies following the takedown operation. Recently, reports have surfaced that LockBit has attacked Ernest Health, a network of 36 rehabilitation and critical care recovery hospitals spanning 13 US states.

“LockBit is back to attacking hospitals, Ernest Health allegedly breached,” said Dominic Alvieri on X (formerly Twitter).

Businesses Urged to Remain Vigilant

Vice President of Threat Research and Intelligence at BlackBerry Cybersecurity, Ismael Valenzuela, said the takedown of LockBit represented a positive step forward in curbing ransomware. However, the relaunch of its servers has ‘made it clear that victories are likely to be short-lived’. 

“Ultimately, LockBit’s absence will only create a vacuum for others to fill, particularly those who are already active yet largely unidentified,” said Valenzuela.

Valenzuela…


Lockbit Ransomware Gang Returns After International Takedown, Arrests


The Lockbit ransomware group is reportedly back online with new servers.

In a lengthy letter posted online this weekend, Lockbit claims that the international group of government agencies that infiltrated it only obtained decryption keys for 2.5% of the attacks the ransomware group has carried out since its inception.

Last week, the US Department of Justice, FBI, the UK National Crime Agency (NCA), Europol, and others announced their joint infiltration of Lockbit’s servers. The US charged two Russian nationals allegedly connected to the ransomware group, and Ukrainian authorities arrested a father-son duo believed to be Lockbit members. At the time, Lockbit administrators said that while their servers that use PHP were infiltrated, their backup servers were “untouched.”

The UK’s NCA has repeatedly asserted that Lockbit is fully compromised in statements provided to PCMag. “The NCA, working with international partners, successfully infiltrated and took control of Lockbit’s systems, and was able to compromise their entire criminal operation,” an agency spokesperson told PCMag via email Monday. “Their systems have now been destroyed by the NCA, and it is our assessment that Lockbit remains completely compromised.”

“We recognized Lockbit would likely attempt to regroup and rebuild their systems,” the NCA continued. “However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

In the letter from a purported Lockbit administrator shared by malware data collector VXUnderground, the admin claims that Lockbit members became “lazy” after they stole enough money to let them live a luxurious lifestyle “on a yacht with titsy [sic] girls.”

The admin then implies that they are a US voter and says Lockbit’s new servers are running a new version of PHP, promising that anyone who reports any critical vulnerabilities for Lockbit’s new systems “will be rewarded.” Their lengthy letter makes a number of other allegations and contradictory statements, including some regarding the FBI’s supposed motives.

The admin admits, however, that even a PHP update “will not be enough” to stop the FBI and other agencies from…


LockBit ransomware gang disrupted by international law enforcement operation


LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.

“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a seizure notice on the group’s website said. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation.”

The group has far outpaced other ransomware gangs since it emerged in late 2019, with researchers at Recorded Future attributing nearly 2,300 attacks to the group. Conti — the second most active group — has only been publicly linked to 883 attacks.

[Image: Ransomware Tracker, Most Prolific Groups]

But LockBit has also gained a reputation for the damage it has caused and the organizations it has targeted. Although the group previously claimed to have rules prohibiting attacks on hospitals, it hit Canada’s largest children’s hospital during the 2022 Christmas season, as well as multiple healthcare facilities in the U.S. and abroad. Last month, the group said it was behind a November attack on a hospital system that forced multiple facilities in Pennsylvania and New Jersey to cancel appointments.

“In a highly competitive and cutthroat marketplace, LockBit rose to become the most prolific and dominant ransomware operator,” said Don Smith, vice president of threat research at Secureworks CTU. “It approached ransomware as a global business opportunity and aligned its operations, accordingly, scaling through affiliates at a rate that simply dwarfed other operations.”

The takedown is just the latest in a series of law enforcement actions targeting ransomware gangs — late last year, the FBI and other agencies took down sites and infrastructure belonging to Qakbot, Ragnar Locker and other groups.

“This has been a year of action for the Justice Department in our efforts to pivot to a strategy of disruption,” Deputy Attorney General Lisa Monaco said Friday at…


Moroccan Child Impresses International Companies With Cybersecurity Mastery – Morocco World News


