Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

LockBit ransomware officially returns — hackers hit back with new attacks following apparent shutdown

ID theft.

Infamous ransomware operator LockBit has apparently returned, boasting new encryptors, new infrastructure, and new data leak and negotiation websites.

Earlier this week, cybersecurity researchers from Zscaler reported that new LockBit victims received a ransom note with a different Tor URL for further steps, with BleepingComputer also finding two new encryptor variants uploaded to VirusTotal in two consecutive days, both holding the new notes.

The publication also confirmed that LockBit’s negotiation server is up and running again, but works only for new victims, the ones infected after Operation Cronos. 

Affecting the elections

The news comes weeks after the UK’s National Crime Agency (NCA), together with a team of international partners, broke into the infrastructure of one of the largest ransomware operations in the world. It managed to obtain decryptors, plenty of data stolen from different victims, as well as a list of almost 200 LockBit affiliates. To add insult to injury, the NCA also defaced LockBit’s data leak site and left a message to its visitors, ending with “Have a nice day.”

Soon after the operation, LockBit’s owners came forward to state that the law enforcement broke into the servers thanks to a bug in the PHP, and due to the fact that they were lazy after “swimming in money” for five years. They promised improvements to the infrastructure to make it more resilient, and further promised more attacks against government institutions, in retaliation.

They also claimed to have been a target because of the data they stole from Fulton County earlier this year. Allegedly, the data stolen there contains sensitive information regarding the court cases against Donald Trump which, if leaked, “could affect the upcoming US election,” they said.

When the NCA first took down LockBit’s infrastructure, it made no arrests. Without detainments, it was only a matter of time before the threat actors bounced back.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.