February 28, 2024 at 01:31PM
The LockBit ransomware gang faced a disruption by law enforcement last week but has quickly resumed attacks with updated encryption and a new data leak site. They retaliated against the agencies involved, claiming to strengthen their security measures. LockBit is recruiting experienced pentesters, indicating a potential increase in future attacks. The threat persists.
Key takeaways:
1. LockBit ransomware gang has resumed attacks using updated encryptors with new servers following last week’s law enforcement disruption.
2. The recent ‘Operation Cronos’, involving the NCA, FBI, and Europol, was a coordinated disruption of the LockBit ransomware operation, resulting in seized infrastructure, the retrieval of decryptors, and the conversion of the ransomware gang’s data leak site into a police press portal.
3. LockBit retaliated by setting up a new data leak site and alleging that law enforcement breached their servers using a PHP bug. They vowed to return with updated infrastructure and new security mechanisms to prevent future law enforcement attacks.
4. Recent reports reveal that LockBit has updated its encryptor’s ransom notes with Tor URLs for the gang’s new infrastructure, and that its negotiation servers are live again, but only for the victims of new attacks.
5. At the time of its takedown, LockBit had approximately 180 affiliates working with it, although the current status of these affiliates is unknown. The ransomware operation is now actively recruiting experienced pentesters, potentially leading to increased attacks in the future.
6. It is uncertain whether LockBit will follow a similar course to Conti and gradually fade away and rebrand. As of now, it is safer to assume that LockBit continues to be a threat.