Security News
The LockBit gang is relaunching its ransomware operation on new infrastructure less than a week after law enforcement hacked its servers, and is threatening to focus more of its attacks on the government sector. On Saturday, LockBit announced it was resuming the ransomware business and released a damage-control communication admitting that "Personal negligence and irresponsibility" led to law enforcement disrupting its activity in Operation Cronos.
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said....
The analysis showed addresses held around £100 million, £90 million of which was unspent, comprised largely of the payments made to LockBit by affiliates who were paid by victims. Although the cut taken by LockBit typically varies, around 20 percent of the total ransom fee is paid to the LockBit organization, while the affiliate who actually carried out the attack keeps the remainder.
The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. The investigation found that more than 2,200 BTC, more than $110 million at today's exchange rate, remained unspent when LockBit was disrupted.
The grand finale of the week of LockBit leaks was slated to expose the real identity of LockBitSupp - the alias of the gang's public spokesperson - but the reveal has fallen short of expectations. Members of the global infosec community were gearing up for a mammoth revelation today following a week of incredible insights into the LockBit operation, but were left underwhelmed by authorities who in the end revealed very little.
Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, published today, analyzed a cross-platform version researchers believe was being designed to succeed the most recent LockBit 3.0 iteration.
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.
Today's edition of the week-long LockBit leaks reveals a father-son duo was apprehended in Ukraine as part of the series of takedown-related arrests this week. The National Police of Ukraine confirmed the relationship of the pair after they were arrested at the request of the French government.
LockBit ransomware developers were secretly building a new version of their file-encrypting malware, dubbed LockBit-NG-Dev and likely to become LockBit 4.0, when law enforcement took down the cybercriminals' infrastructure earlier this week. While previous LockBit malware is built in C/C++, the latest sample is a work-in-progress written in.
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the...