Security News > 2024 > February > LockBit ransomware returns, restores servers after police disruption
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.
On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication saying admitting that "Personal negligence and irresponsibility" led to law enforcement disrupting its activity in Operation Cronos.
On February 19, authorities took down LockBit's infrastructure, which included 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, decryption keys, and the affiliate panel.
Five days later, LockBit is back and provides details about the breach and how they're going to run the business to make their infrastructure more difficult to hack.
LockBit plans to upgrade security for its infrastructure and switch to manually releasing decryptors and trial file decryptions, as well as host the affiliate panel on multiple servers and provide its partners with access to different copies based on the trust level.
"Due to the separation of the panel and greater decentralization, the absence of trial decrypts in automatic mode, maximum protection of decryptors for each company, the chance of hacking will be significantly reduced" - LockBit.
News URL
Related news
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- US charges Russian-Israeli as suspected LockBit ransomware coder (source)
- LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages (source)