LockBit ransomware has returned: how to prevent it
According to a report from BleepingComputer, the ransomware-as-a-service operator has set up a new .onion address. At this address, LockBit lists 5 new victims along with countdown timers for data leaks, and also posts a defiant message addressed to law enforcement agencies.
Although the police had previously intervened and dismantled one of LockBit's facilities, the group returned less than a week later and continued its illegal activities. The group has also created a simulated image of the FBI to conduct its operations more effectively.
The operator stated that the NCA removed only servers running PHP, so backup systems that do not use PHP are not affected.

A warning from the operator indicates that the chat board servers and blog servers, which ran PHP 8.1.2, were vulnerable to the security flaw CVE-2023-3824, which facilitated the NCA's intrusion and the disruption of operations.
Speculation suggests that law enforcement agencies attacked LockBit because the group had obtained sensitive information related to Donald Trump's court hearings in the attack on Fulton County in January this year. If the data is leaked, it "could affect the upcoming election in the US".
LockBit declares that it will attack ".gov domains more frequently" and test the security capabilities of those systems.
The NCA and international partners have announced the removal of LockBit's website and infrastructure, including 34 servers storing stolen information, decryption tools, information about affiliates, and various other data.