Security News

Officials have until March 2 to cough up or stolen data gets leaked LockBit claims it's back in action just days after an international law enforcement effort seized the ransomware gang's servers...

LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Last week, Operation Cronos hit LockBit hard by taking over their leak site and affiliate panel, disrupting part of their infrastructure, and arresting some suspected affiliates.

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its...

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication saying admitting that "Personal negligence and irresponsibility" led to law enforcement disrupting its activity in Operation Cronos.

LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said....

The analysis showed addresses held around £100 million, £90 million of which was unspent, comprised largely of the payments made to LockBit by affiliates who were paid by victims. Although the cut taken by LockBit typically varies, around 20 percent of the total ransom fee is paid to the LockBit organization, while the affiliate who actually carried out the attack keeps the remainder.

The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. The investigation found that more than 2,200 BTC - more than $110 million at today's exchange rate, remained unspent when LockBit was disrupted.

The grand finale of the week of LockBit leaks was slated to expose the real identity of LockBitSupp - the alias of the gang's public spokesperson - but the reveal has fallen short of expectations. Members of the global infosec community were gearing up for a mammoth revelation today following a week of incredible insights into the LockBit operation, but were left underwhelmed by authorities who in the end revealed very little.

Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, published today, analyzed a cross-platform version researchers believe was being designed to succeed the most recent LockBit 3.0 iteration.

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.