Ransomware

LockBit group opens new servers, resumes operations

Cyber insurance

The LockBit ransomware gang has restarted cyberattacks with new encryptors and negotiation servers as well as a new data leak website, according to BleepingComputer.

The group was the recent target of 'Operation Cronos' which was conducted by multiple law enforcement agencies and led to the seizure of its decryptors and other infrastructure. However, LockBit soon after launched a new data leak site containing a note to the FBI and a promise to implement new measures to prevent future operation-wide attacks by law enforcement groups. In the note, the group claimed that the exploitation of a PHP vulnerability allowed law enforcers to breach their servers. Samples have been recovered and uploaded to VirusTotal of updated ransom notes in the group's encryptors with links to new Tor URLs. Its negotiation servers have also been confirmed to be live once more but only accessible to victims of new attacks. The gang further stated that it is currently seeking experienced pentesters for recruitment, signaling the likelihood of an increase in attacks in the future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.