LockBit Ransomware Group Reemerges Following International Law Enforcement Operation
The threat actors responsible for the LockBit ransomware operation have become operational again on the dark web despite an international law enforcement operation against them. Find out about the reemerging threat and its implications.
- Just days after an international team of law enforcement professionals disrupted LockBit ransomware operations, researchers detected a reemergence of the threat actors.
- The threat actors exploited vulnerabilities in ConnectWise’s remote desktop application ScreenConnect.
The gang of threat actors running the LockBit ransomware operation has restarted attacks on new infrastructure just days after a combined operation by law enforcement from the U.S. and U.K. disrupted servers run by the gang. The presence of the threat actors has been detected by security researchers on the dark web.
The group has moved its portal to a new Tor network address that lists several victims. According to a post by LockBit’s administrator, the FBI and the NCA leveraged a critical PHP vulnerability known as CVE-2023-3824 to disrupt operations. The post attributed the stoppage in operations to the administrator’s own irresponsibility and negligence.
According to the post, the takedown of servers by the FBI came just before the gang was set to release sensitive data from a hack on Fulton County in January, including information that could potentially affect the 2024 U.S. elections. LockBit administrators also called on clients to attack domains in the .gov sector more frequently, attempting to discredit law enforcement agencies in their efforts.
Considering the large number of affiliate cybercriminals associated with LockBit, law enforcement agencies have a long way to go before the LockBit threat is completely neutralized. Government bodies and businesses need to continue pushing security measures against ransomware, malicious apps, SSH tunnels, cryptocurrency mining, and more, which can potentially compromise sensitive infrastructure in the foreseeable future.