LockBit Returns, Unveiling Fresh Claims and Victims

The narrative surrounding the takedown of the LockBit ransomware operation on February 19 is still evolving. Following nearly a week of silence and downtime, the notorious gang has resurfaced on a new Onion domain, showcasing fresh breaches. Adding to the intrigue, LockBitSupp, the group's public persona, has issued a detailed statement addressing the events and the gang's future plans.

After the abrupt takedown of LockBit ransomware’s entire Darknet infrastructure, the gang’s representatives maintained a mostly silent stance until February 24, 2024. Around 21:00 GMT, the head of the cybercrime syndicate issued a lengthy PGP-signed message, providing an explanation from the hackers’ perspective.

Within it, they detail the alleged method of their own compromise and outline the future trajectory of LockBit. Notably, little operational change is anticipated, although LockBitSupp pledges to be more proactive, hinting at a shift in approach.

The method through which law enforcement agencies gained access to the servers is attributed to a PHP vulnerability, CVE-2023-3824, which was disclosed in August 2023. The vulnerability enables remote code execution and carries a CVSS rating of 9.8/10, a rating the author considers well-deserved given PHP's widespread usage. LockBitSupp even speculates that other threat actors who recently fell victim to hacking may have been compromised through this same vulnerability.

Nevertheless, this setback hardly compelled the LockBit gang to cease operations. While they are indeed regrouping, with only a handful of listings currently visible on their reestablished leak page, they remain resolute and determined to learn from past errors. It's improbable that the individuals apprehended in Eastern Europe are affiliates; they're more likely server administrators or money mules. LockBit's saga continues to unfold, and it's quite likely they have a few surprises yet to reveal.