The group was the recent target of 'Operation Cronos' which was conducted by multiple law enforcement agencies and led to the seizure of its decryptors and other infrastructure. However, LockBit soon after launched a new data leak site containing a note to the FBI and a promise to implement new measures to prevent future operation-wide attacks by law enforcement groups. In the note, the group claimed that the exploitation of a PHP vulnerability allowed law enforcers to breach their servers. Samples have been recovered and uploaded to VirusTotal of updated ransom notes in the group's encryptors with links to new Tor URLs. Its negotiation servers have also been confirmed to be live once more but only accessible to victims of new attacks. The gang further stated that it is currently seeking experienced pentesters for recruitment, signaling the likelihood of an increase in attacks in the future.
Ransomware
LockBit group opens new servers, resumes operations

A screen image of the ransom by the LockBit ransomware group. (Image provided by Recorded Future)
BleepingComputer.
The group was the recent target of 'Operation Cronos' which was conducted by multiple law enforcement agencies and led to the seizure of its decryptors and other infrastructure. However, LockBit soon after launched a new data leak site containing a note to the FBI and a promise to implement new measures to prevent future operation-wide attacks by law enforcement groups. In the note, the group claimed that the exploitation of a PHP vulnerability allowed law enforcers to breach their servers. Samples have been recovered and uploaded to VirusTotal of updated ransom notes in the group's encryptors with links to new Tor URLs. Its negotiation servers have also been confirmed to be live once more but only accessible to victims of new attacks. The gang further stated that it is currently seeking experienced pentesters for recruitment, signaling the likelihood of an increase in attacks in the future.
The LockBit ransomware gang has restarted cyberattacks with new encryptors and negotiation servers as well as a new data leak website, according to The group was the recent target of 'Operation Cronos' which was conducted by multiple law enforcement agencies and led to the seizure of its decryptors and other infrastructure. However, LockBit soon after launched a new data leak site containing a note to the FBI and a promise to implement new measures to prevent future operation-wide attacks by law enforcement groups. In the note, the group claimed that the exploitation of a PHP vulnerability allowed law enforcers to breach their servers. Samples have been recovered and uploaded to VirusTotal of updated ransom notes in the group's encryptors with links to new Tor URLs. Its negotiation servers have also been confirmed to be live once more but only accessible to victims of new attacks. The gang further stated that it is currently seeking experienced pentesters for recruitment, signaling the likelihood of an increase in attacks in the future.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds