
LockBit re-emerges a week after takedown


The gang said that only servers running PHP were affected. It said the enforcement agencies exploited a PHP vulnerability (CVE-2023-3824), blaming its own “negligence and irresponsibility” in not updating PHP.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” the group said, on a new darkweb site.

A spokesperson for the UK national crime authority (NCA) said in a statement that the organisation was not surprised to see the group re-emerge.

“We recognised LockBit would likely attempt to regroup and rebuild their systems. However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

LockBit said it plans to decentralise its infrastructure, manually release decryption keys, and provide different access levels to affiliates to improve security.

It also threatened to focus more attacks on government targets.

While Cronos undoubtedly dealt a major blow, security experts warn that LockBit’s significant financial resources – the gang is estimated to have accrued $91 million from US attacks alone – and resilience will allow them to adapt and restore operations.

Operating in Russia and former Soviet states puts the gang out of reach of the FBI, NCA and allied law enforcement authorities. It may also be protected or supported by the Russian authorities.

“One has to question if the financial resources of groups such as LockBit are somewhat broader in scope than the law enforcement teams tasked with their disruption,” commented Richard Cassidy, EMEA CISO at Rubrik.

“They have the economic power to re-group and develop new tactics, techniques, and procedures, learning and adapting from the errors that led to their disruption, thus reinventing their approach as necessary.”

However, Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, said that despite its resilience, the information gleaned from Cronos could help the agencies to further weaken LockBit, as the NCA suggested.

“The seizure of vast amounts of LockBit’s infrastructure will have provided a treasure-trove of intelligence that can refine law enforcement efforts in the future. If the NCA and supporting organisations are able to build on this initial success—including identifying senior LockBit members—it is realistically possible that they will be able to remove this criminal enterprise for good.”

Stephen Robinson, senior threat intelligence analyst at WithSecure, questioned the information provided by LockBit. How could they possibly know how the law enforcement agencies had compromised their systems?

“The purpose of the message is not to communicate fact, but to engage in PR and reputational damage control for the LockBit brand as a show of strength,” he said.  
