Ransomware Group Lockbit On The Rampage Again

The world is yet to rid itself of Lockbit, one of the biggest cyber-criminal gangs in the world. A week after an international law enforcement operation confiscated the ransomware group’s website and seized control of its servers, the notorious gang has resurfaced on the dark web, using a new site and new infrastructure.

Lockbit has moved its data leak site to a new .onion address that lists five victims with countdown timers for publishing stolen information.

The security website Bleeping Computer reports that the gang has announced that it will continue with ransomware and has published a message on its new site in which the group says that mistakes were made and that ‘nonchalance and a lack of responsibility’ led to police services being able to seriously disrupt and compromise the group’s activities.

A week ago, the international law enforcement operation took over about 34 of the group’s servers, which hosted the data leak website. This allowed them to take over stolen data, decryption keys and cryptocurrency addresses. Websites on which the group posts leaks and urges victims to pay were also taken down.

The administrator behind LockBit said law enforcement agencies were able to confiscate some of their websites due to the delay in updating PHP protocols on these websites. Other backup systems without PHP were untouched.

The Lockbit group has threatened to focus more of its attacks on the government sector.

LockBit’s attack presence is seen globally, with hundreds of affiliates recruited to conduct ransomware operations using LockBit tools and infrastructure. Ransom payments were divided between the LockBit core team and the affiliates, who received on average three-quarters of the ransom payments collected.

The ransomware group is also infamous for experimenting with new methods for pressuring their victims into paying ransoms. Triple extortion is one such method which includes the traditional methods of encrypting the victim’s data and threatening to leak it, but also incorporates Distributed Denial-of-Service (DDoS) attacks as an additional layer of pressure.
