Just five days on, LockBit announced that its operations had resumed, claiming to have restored from backups unaffected by the government takedown.
Law enforcement claiming overwhelming victory while the apparent LockBit ringleader remains at large, threatening retaliation, and targeting new victims puts the two at odds — for now.
With the apparent administrator LockBitSupp still in action — the last remaining piece of the LockBit puzzle — it’s unlikely LockBit is going away.
Ransomware gangs are known to quickly regroup and rebrand even after law enforcement disruption claims to have taken them down for good.
At the time of writing, ALPHV’s leak site remains up and running — and continues to add new victims almost daily.
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang.
In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities.
“Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild.
Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected.
The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.
Even ransomware gangs fail to patch vulnerabilitiesYes, even ransomware gangs are slow to patch software bugs.
Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.
pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024Ransomware takedowns take a long timeThe LockBit takedown, known officially as “Operation Cronos,” was years in the making, according to European law enforcement agency Europol.
Given Kondratiev has hands in at least five different ransomware gangs, the sanctions are likely to make his life five times more difficult.
We found various Easter eggs hidden on the now-seized LockBit site.
This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some of the most prolific cybercriminals in recent years.
Twitter took drastic measures to rid the hackers from its network by temporarily blocking all of the site’s 200-million-plus users from posting.
A New York judge sentenced the 24-year-old hacker to five years in prison, two of which O’Connor already served in pre-trial custody.
Federal prosecutors this year accused a former Amazon employee of hacking into a cryptocurrency exchange and stealing millions worth of customers’ crypto.
Why did a Russian man accused by U.S. prosecutors of ransomware attacks burn his passport?
Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang.
The group, tracked by Microsoft as “Storm-1152”, is described as a major player in the cybercrime as a service (CaaS) ecosystem, whereby criminals provide hacking and cybercrime services to other individuals or groups.
Storm-1152 created for sale approximately 750 million fraudulent Microsoft accounts through its “hotmailbox.me” service to earn “millions of dollars in illicit revenue” and cause “millions of dollars in damage to Microsoft,” according to the company.
Microsoft said it had identified several ransomware and extortion groups utilizing Storm-1162’s services, including Octo Tempest, better known as Scattered Spider.
Storm-1152 operated as a typical internet going-concern, providing training for its tools and even offering full customer support.
