Unsurprisingly, LockBit ransomware crew has returned

security
(Image credit: Shutterstock / binarydesign)

Less than a week after the British police and its international partners took down LockBit infrastructure, the infamous threat actor is back and ready to resume its nefarious operations.

According to BleepingComputer, the ransomware-as-a-service operator has set up a new .onion address, which not only lists five new victims and countdown timers for data leaks, but also a message for law enforcement. 

The group reportedly created a mock-up FBI leak image explaining that the attack was successful not because the police did a great job, but because the group became complacent.

Protecting Donald Trump?

“Because for 5 years of swimming in money I became very lazy,” the notification reads. “Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time.” 

Previously, the operators said the NCA only took down servers running PHP, and that backup systems without PHP were not affected. They also added that the chat panels server and the blog server were running PHP 8.1.2, which were vulnerable to CVE-2023-3824, giving the NCA a window of opportunity to move in and disrupt the operation.

The operators also speculated that law enforcement attacked LockBit because the group obtained sensitive information on Donald Trump’s court cases during the attack on Fulton County in January this year. If leaked, the data “could affect the upcoming US election,” they said.

In retaliation, LockBit will attack “the .gov sector more often” and test its capability to fight back. 

The NCA and its international partners recently announced they took down the LockBit website and its infrastructure, which included 34 servers hosting stolen information, decryptors, information on affiliates, and more. 

However, as no arrests were made, it was clear that the group was bound to bounce back sooner or later.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ransomware
8base ransomware site taken down in global police operation
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
Representational image of a cybercriminal
US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Cl0p ransomware group says it was behind Cleo attacks
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
China
Chinese hackers targeting Juniper Networks routers, so patch now