Security News > 2024 > February > LockBit ransomware returns to attacks with new encryptors, servers

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.
LockBit set up a new data leak site and left a long note addressed to the FBI, claiming law enforcement breached their servers using a PHP bug.
As of yesterday, LockBit appears to be conducting attacks again, with new encryptors and infrastructure setup for data leak and negotiation sites.
At the time of LockBit's takedown, the ransomware operation had approximately 180 affiliates working with them to conduct attacks.
LockBit ransomware returns, restores servers after police disruption.
News URL
Related news
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- New kids on the ransomware block channel Lockbit to raid Fortinet firewalls (source)
- Suspected LockBit ransomware dev extradited to United States (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)