Security News > 2024 > February > LockBit ransomware returns to attacks with new encryptors, servers

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.
LockBit set up a new data leak site and left a long note addressed to the FBI, claiming law enforcement breached their servers using a PHP bug.
As of yesterday, LockBit appears to be conducting attacks again, with new encryptors and infrastructure setup for data leak and negotiation sites.
At the time of LockBit's takedown, the ransomware operation had approximately 180 affiliates working with them to conduct attacks.
LockBit ransomware returns, restores servers after police disruption.
News URL
Related news
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)