LockBit resurfaced days after a global takedown, relaunching on the dark web. While the group's return underscores the difficulty of permanent disruption, experts still view the takedown as a major win for law enforcement.
On the 20th of February this year, a coalition of international law enforcement agencies disrupted LockBit - a prolific ransomware group involved in several recent cyber incidents, such as the DP World hack and Citrix Bleed Vulnerability.
The action was hailed as a major win for cyber security institutions around the world as LockBit had become increasingly prolific in recent years, supplying ransomware as a service.
However, just 6 days later LockBit resurfaced on the darkweb and launched a new site shortly after a recent global law enforcement effort dismantled their infrastructure.
Despite the takedown, the group's leader posted a message and re-listed alleged victim organisations on the new site.
However, it appears that most, if not all, of the victims listed on the new site were targeted before the law enforcement takedown, suggesting that authorities may be able to provide decryptors for these victims. The FBI has not yet commented on the situation.
But it’s not all bad news, the takedown is still regarded as a major win for law enforcement and cyber security agencies with Emsisoft threat analyst Brett Callow stating:
“This doesn’t mean the disruption was a failure,” - “The fact is that LockBit, as a brand, is probably dead. It’s unlikely that anybody would trust an operation that was so completely compromised.”
According to The Hacker News, LockBit may already be in damage control having removed EquiLend and Ernest Healthcare from its data leak site as of February 29 2024, a promising sign for organisations globally.
“Bottom line: this was a very big win for the good guys. That said, this does highlight the challenges law enforcement face,” - “Some groups have cockroach-like resilience and permanently taking them out of action is far from easy.” - Brett Callow
Elon Musk’s X AI platform has been hit by a massive cyber-attack, leaving users in the U.S. and UK unable to refresh feeds or access accounts. Musk confirmed the attack’s severity, pointing to IP traces from “the Ukraine area,” though experts caution that origin masking is possible.
Late last week, an extraordinary announcement signaled a dramatic shift in U.S. cybersecurity policy: the Trump administration deprioritized Russia as a leading cyber threat. Experts fear downplaying Moscow’s aggression could expose American networks to new risks and undermine national security.
Since early 2022, the British government has tied Iran to over 20 plots threatening UK citizens, reflecting Tehran’s expanding covert tactics. These attempts—spanning assassination, kidnapping, and surveillance—mark a significant escalation on British soil.
In 2024, deepfakes became a major threat, causing market disruptions and privacy concerns. The rapid growth of AI technology has made digital deception easier, stressing the urgent need for enhanced verification systems to protect against misinformation and cyberattacks.
