Security News > 2024 > February > LockBit ransomware returns to attacks with new encryptors, servers
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.
LockBit set up a new data leak site and left a long note addressed to the FBI, claiming law enforcement breached their servers using a PHP bug.
As of yesterday, LockBit appears to be conducting attacks again, with new encryptors and infrastructure setup for data leak and negotiation sites.
At the time of LockBit's takedown, the ransomware operation had approximately 180 affiliates working with them to conduct attacks.
LockBit ransomware returns, restores servers after police disruption.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)