LockBit ransomware resurfaces despite FBI takedown

February 25, 2024

The infamous Russian-speaking ransomware group LockBit has revived its dark web leak site, openly challenging recent law enforcement interventions. The group’s leader posted a lengthy message accusing the FBI of exploiting a PHP vulnerability (CVE-2023-3824) in their servers. Notably, LockBit admitted to having left this vulnerability unpatched, attributing the oversight to complacency fostered by five years of lucrative financial operations.

According to LockBit, law enforcement’s actions were aimed primarily at tarnishing the reputation of its affiliate program and demoralising its members. The group alleged that the FBI used the PHP zero-day to capture only a fraction of its ransomware decryptors – a mere 1,000 out of 20,000. The takedown, LockBit claims, was a preemptive measure to stop the leaking of documents stolen from Fulton County.

Interestingly, Operation Cronos, a collaborative effort by British, U.S., and European law enforcement, carried out the takeover of the LockBit website. Despite promises to unveil the identity of LockBit’s leader, known as LockBitSupp, authorities refrained from doing so, leaving the criminal underground in suspense.

LockBit ransomware leader ‘LockBitSupp’ vows to publish stolen data after the FBI hack.

LockBitSupp, known for exaggeration and erratic behaviour, claimed that even after the FBI hack, the stolen data would be published, with no chance of it being destroyed without payment. The group plans to maximise protection on every build of its locker, eliminating the possibility of free decryption for attacked companies.

Furthermore, LockBit has reinforced its future operations by decentralising its administrative panel, adding complexity to potential takedown attempts. The four-day recovery process included crucial edits to the source code for seamless compatibility with the latest PHP version.

In an attempt to attract new affiliates, LockBit announced that individuals with forum reputations, proof of being post-payment pentesters, or those depositing two bitcoins could join the program. The deposit amount is set to increase based on proof and advertising induced by the FBI, emphasising the purported profitability of the affiliate program.

As experts analyse the situation, it remains to be seen whether LockBit’s resurgence will have a lasting impact or if the recent law enforcement actions will continue to cast a shadow on the group’s credibility. LockBit’s bold reemergence raises questions about the evolving dynamics between cybercriminals and law enforcement in the ongoing battle against ransomware.
