Ransomware Awareness – LockBit: Down, but not Out

Following the international takedown operation of the LockBit ransomware group last week – which disrupted LockBit’s criminal network infrastructure and arrested two of its members – the ransomware group’s leader, known as LockBitSupp, has issued a lengthy message on a new dark web site with additional threats and promises of return. The criminal leader made several claims discrediting the FBI’s “attack” and that LockBit was only compromised because of its own negligence at patching (a reminder that everyone needs to patch, even criminals) which allegedly allowed law enforcement to exploit a PHP vulnerability in two of its main servers. LockBitSupp also claims that it didn’t lose much data of significance from the FBI’s exploit because it had backups of victims’ stolen data and that it will “continue to give out data stolen from the attacked companies.” Most notable, LockBit threatened to target the government sector more, specifically the “.gov sector” emphasizing the U.S. government and challenging the FBI. Six new victims have appeared on the new LockBit dark web site with countdown timers including a re-listing of Fulton County, GA and a new entry for the FBI itself. For more information regarding LockBit’s claims of return, access CSO online or Bleeping Computer. LockBit’s full message can be found here.