ClickCease LockBit Ransomware Resurgence After Law Enforcement Takedown

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

LockBit Ransomware Resurgence After Law Enforcement Takedown

Wajahat Raja

March 13, 2024 - TuxCare expert team

LockBit ransomware, which has also been known as “ABCD,” has resurfaced on the dark web despite being dealt with strictly by the global law enforcement task force. This development of LockBit ransomware resurgence comes just days after law enforcement agencies from 10 countries around the globe took control of its servers. 

The LockBit return is an indication that the cybersecurity threat actor has decided to lock horns with law enforcement agencies and does not plan on backing down. This post-takedown LockBit activity poses a serious threat to organizations, both public and private, around the globe as evident from the LockBit administration’s response to the FBI. 

In this article, we will shed light on the background of the LockBit ransomware group, Operation Cronos and its impacts on cybersecurity, the LockBit ransomware resurgence, the challenges it poses, and the future of cybersecurity.


LockBit Ransomware Group Background

LockBit has emerged as a serious cybersecurity threat actor in recent times. This ransomware group uses sophisticated techniques to encrypt sensitive information by infiltrating the computer systems of organizations. 

What is even more alarming is the RaaS (ransomware-as-a-service) model that LockBit follows, meaning it allows other cybersecurity threat actors to use its tools and services in return for a share in their ransom payments. 

Operation Cronos – An International Law Enforcement Action Against LockBit

international task force comprising officials from 10 countries carried out Operation Cronos to disrupt the activities of the ransomware group. This joint effort by the law enforcement agencies saw the seizing of LockBit’s technical infrastructure and a public-facing leak site on the dark web. 

The National Crime Agency (NCA) led Operation Cronos and published its details on 20 February. NCA also announced a $10 million reward for information on LockBit’s alleged ringleader, known as LockBitSupp.


LockBit Ransomware Resurgence 

Despite strict action against an international task force, the ransomware group has returned. And the
LockBit comeback within days of Operation Cronos means the group is a well-established one. 

It is also believed that after the LockBit ransomware resurgence, it has employed new tactics after the resurgence by improving its encryption methods and putting further anti-detection measures in place.  

The data leak portal of LockBit has been moved to a new address, “.onion” on the TOR network with the list of its 12 new victims

LockBit’s Follow-up Message 

After the
LockBit ransomware resurgence, the cybersecurity threat actor has said that a critical PHP flaw (CVE-2023-3824) was exploited to track and confiscate some of its websites. LockBit’s administration also acknowledged that PHP was not updated due to personal irresponsibility. 

One of the shocking revelations in the administration’s message was the reason they cited the “hacking” of their infrastructure by the Federal Bureau of Investigation (FBI). It was stated that the group had to face strict action by the FBI because of a ransomware attack on Fulton County because the stolen documents contained information about Donald Trump’s cases, which could change the result of the upcoming presidential election in the United States. 


The LockBit ransomware resurgence poses a huge threat to global cybersecurity. It warrants collaborative efforts, both at the national and international levels, to nip such cybersecurity threat actors in the bud and enhance
cybersecurity after ransomware incidents

Cybersecurity laws should be strengthened so the cybersecurity threat actors know their actions will have huge repercussions. Organizations, both government and private, must be proactive in this regard and prioritize cybersecurity resilience. 

The latest technology, such as machine learning and artificial intelligence, must be put to use to mitigate LockBit threats as well as other potential cybersecurity dangers. Moreover, organizations should also be trained on how to recover from a ransomware attack quickly and effectively. 

The sources for this piece include articles in The Hacker News and Security Week.


LockBit Ransomware Resurgence After Law Enforcement Takedown
Article Name
LockBit Ransomware Resurgence After Law Enforcement Takedown
LockBit Ransomware resurgence after Operation Cronos poses a serious cybersecurity threat worldwide. Read more about the threat here!
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter