Wilson's Media

A Tech & Gaming Blog

Unsurprisingly, LockBit ransomware crew has returned

Less than a week after the British police and its international partners took down LockBit infrastructure, the infamous threat actor is back and ready to resume its nefarious operations.

According to a new BleepingComputer report, the ransomware-as-a-service operator propped up a new .onion address, which not only lists five new victims and countdown timers for data leaks, but also a message for law enforcement. 

Apparently, the group created a mock-up FBI leak image, explaining that the attack was successful not because the police did a great job, but because the group became complacent.

Protecting Donald Trump?

“Because for 5 years of swimming in money I became very lazy,” the notification reads. “Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time.” 

Previously, the operators said the NCA only took down servers running PHP, and that backup systems without PHP were not affected. They also added that the chat panels server and the blog server were running PHP 8.1.2, which were vulnerable to CVE-2023-3824, giving the NCA a window of opportunity to move in and disrupt the operation.

The operators also speculated that law enforcement attacked LockBit because the group obtained sensitive information on Donald Trump’s court cases during the attack on Fulton County in January this year. If leaked, the data “could affect the upcoming US election,” they said.

In retaliation, LockBit will attack “the .gov sector more often” and test its capability to fight back. 

Last week, the NCA and its international partners announced that they took down the LockBit website and its infrastructure, which included 34 servers hosting stolen information, decryptors, information on affiliates, and more. 

However, as no arrests were made, it was clear that the group was bound to bounce back sooner or later.

More from TechRadar Pro


Source

Less than a week after the British police and its international partners took down LockBit infrastructure, the infamous threat actor is back and ready to resume its nefarious operations. According to a new BleepingComputer report, the ransomware-as-a-service operator propped up a new .onion address, which not only lists five new…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives