LockBit Gang Resurfaces With New Leak Site

Despite recent global law enforcement efforts, the notorious LockBit ransomware gang has made a swift comeback and launched a new leak site on the dark web. This move comes after a coordinated crackdown on the criminal group, which involved the FBI, the UK's National Crime Agency, Europol, and others, which attempted to severely disrupt the gang's infrastructure.

According to BleepingComputer, the gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, threatening to focus more of their attacks on the government sector. In a statement that appeared to mock law enforcement efforts, the gang published a message under a mock-up FBI leak, discussing the negligence that enabled the breach and their plans for the criminal operation moving forward.

"Due to my personal negligence and irresponsibility, I relaxed and did not update PHP in time," a member of the gang admitted, referencing the vulnerability (tracked as CVE-2023-3824) in the PHP programming language that allowed law enforcement to infiltrate their servers.

The cybercriminal gang is making efforts to restore credibility after the law enforcement takedown, launching its new leak site and inviting affiliates to rejoin the operation. The Guardian reported that the Russia-based group’s new site is already advertising a small number of alleged victims and leaking stolen data.

LockBit’s ability to quickly regroup and relaunch their operations showcases the persistent threat they pose despite international efforts to combat cybercrime.

Providing an insight into the gang's defiance, BankInfoSecurity shared a lengthy statement posted on LockBit’s new dark web leak site, apparently authored by its leader. It reads: "All FBI actions are aimed at destroying the reputation of my affiliate program, my demoralization, they want me to leave and quit my job, they want to scare me because they cannot find and eliminate me, I cannot be stopped, you cannot even hope, as long as I am alive I will continue to do pentest with postpaid".

The LockBit gang's ability to bounce back from law enforcement actions and continue their criminal activities highlights the challenges in permanently dismantling such networks. Their operations have caused significant damage globally, with ransomware attacks paralyzing computer systems and extorting an estimated $91 Million from US companies alone. The incident has sparked discussions about the effectiveness of international cooperation in combating cybercrime and the need for enhanced cybersecurity measures across all sectors.