LockBit group opens new servers, resumes operations

The LockBit ransomware gang has restarted cyberattacks with new encryptors and negotiation servers as well as a new data leak website, according to BleepingComputer.

The group was the recent target of 'Operation Cronos' which was conducted by multiple law enforcement agencies and led to the seizure of its decryptors and other infrastructure. However, LockBit soon after launched a new data leak site containing a note to the FBI and a promise to implement new measures to prevent future operation-wide attacks by law enforcement groups. In the note, the group claimed that the exploitation of a PHP vulnerability allowed law enforcers to breach their servers. Samples have been recovered and uploaded to VirusTotal of updated ransom notes in the group's encryptors with links to new Tor URLs. Its negotiation servers have also been confirmed to be live once more but only accessible to victims of new attacks. The gang further stated that it is currently seeking experienced pentesters for recruitment, signaling the likelihood of an increase in attacks in the future.