LockBit Ransomware Resurgence After Law Enforcement Takedown
LockBit ransomware, which has also been known as “ABCD,” has resurfaced on the dark web despite the action taken against it by a global law enforcement task force. The resurgence comes just days after law enforcement agencies from 10 countries took control of its servers.
The LockBit return indicates that the threat actor has decided to lock horns with law enforcement agencies and does not plan on backing down. This post-takedown LockBit activity poses a serious threat to organizations, both public and private, around the globe, as is evident from the LockBit administration’s response to the FBI.
In this article, we will shed light on the background of the LockBit ransomware group, Operation Cronos and its impacts on cybersecurity, the LockBit ransomware resurgence, the challenges it poses, and the future of cybersecurity.
LockBit Ransomware Group Background
LockBit has emerged as a serious cybersecurity threat actor in recent times. This ransomware group uses sophisticated techniques to encrypt sensitive information by infiltrating the computer systems of organizations.
What is even more alarming is the RaaS (ransomware-as-a-service) model that LockBit follows, meaning it allows other cybersecurity threat actors to use its tools and services in return for a share in their ransom payments.
Operation Cronos – An International Law Enforcement Action Against LockBit
An international task force comprising officials from 10 countries carried out Operation Cronos to disrupt the activities of the ransomware group. This joint effort by the law enforcement agencies saw the seizing of LockBit’s technical infrastructure and a public-facing leak site on the dark web.
The National Crime Agency (NCA) led Operation Cronos and published its details on 20 February. NCA also announced a $10 million reward for information on LockBit’s alleged ringleader, known as LockBitSupp.
LockBit Ransomware Resurgence
Despite the action taken against it by an international task force, the ransomware group has returned. A LockBit comeback within days of Operation Cronos suggests the group is a well-established one.
It is also believed that, since its return, the group has adopted new tactics, improving its encryption methods and putting further anti-detection measures in place.
LockBit’s data leak portal has been moved to a new “.onion” address on the Tor network, listing 12 new victims.
LockBit’s Follow-up Message
After the LockBit ransomware resurgence, the threat actor stated that a critical PHP flaw (CVE-2023-3824) was exploited to track and confiscate some of its websites. LockBit’s administration also acknowledged that PHP had not been updated due to personal irresponsibility.
One of the shocking revelations in the administration’s message was the reason it cited for the “hacking” of its infrastructure by the Federal Bureau of Investigation (FBI). The message claimed that the group faced strict action by the FBI because of its ransomware attack on Fulton County, as the stolen documents contained information about Donald Trump’s cases, which could change the result of the upcoming presidential election in the United States.
Conclusion
The LockBit ransomware resurgence poses a huge threat to global cybersecurity. It warrants collaborative efforts, at both the national and international levels, to nip such threat actors in the bud and to enhance cybersecurity after ransomware incidents.
Cybersecurity laws should be strengthened so that threat actors know their actions will have huge repercussions. Organizations, both government and private, must be proactive in this regard and prioritize cybersecurity resilience.
The latest technology, such as machine learning and artificial intelligence, must be put to use to mitigate LockBit threats as well as other potential cybersecurity dangers. Moreover, organizations should also be trained on how to recover from a ransomware attack quickly and effectively.
The sources for this piece include articles in The Hacker News and Security Week.