LockBit resurfaced days after a global takedown, relaunching on the dark web. While the group's return underscores the difficulty of permanent disruption, experts still view the takedown as a major win for law enforcement.
On the 20th of February this year, a coalition of international law enforcement agencies disrupted LockBit - a prolific ransomware group involved in several recent cyber incidents, such as the DP World hack and Citrix Bleed Vulnerability.
The action was hailed as a major win for cyber security institutions around the world as LockBit had become increasingly prolific in recent years, supplying ransomware as a service.
However, just 6 days later LockBit resurfaced on the darkweb and launched a new site shortly after a recent global law enforcement effort dismantled their infrastructure.
Despite the takedown, the group's leader posted a message and re-listed alleged victim organisations on the new site.
However, it appears that most, if not all, of the victims listed on the new site were targeted before the law enforcement takedown, suggesting that authorities may be able to provide decryptors for these victims. The FBI has not yet commented on the situation.
But it’s not all bad news, the takedown is still regarded as a major win for law enforcement and cyber security agencies with Emsisoft threat analyst Brett Callow stating:
“This doesn’t mean the disruption was a failure,” - “The fact is that LockBit, as a brand, is probably dead. It’s unlikely that anybody would trust an operation that was so completely compromised.”
According to The Hacker News, LockBit may already be in damage control having removed EquiLend and Ernest Healthcare from its data leak site as of February 29 2024, a promising sign for organisations globally.
“Bottom line: this was a very big win for the good guys. That said, this does highlight the challenges law enforcement face,” - “Some groups have cockroach-like resilience and permanently taking them out of action is far from easy.” - Brett Callow
A Chinese ship captain has been charged in Taiwan for deliberately damaging a subsea cable, marking a rare prosecution tied to infrastructure sabotage. The case highlights growing concerns over global undersea cable vulnerabilities amid rising tensions with China.
Australia is facing a double threat to its financial security: cyberattacks on major superannuation funds and the fallout from Trump’s “Liberation Day” tariff declaration. Both have exposed deep vulnerabilities in retirement savings, leaving Australia’s future wealth increasingly at risk.
The global data centre boom is faltering as credit risks, rising tariffs, and capital costs take hold. Valuations have dropped by as much as 40%, projects are being delayed or cancelled, and hyperscalers are stepping back from long term deals as the sector undergoes a major reset.
A coordinated cyberattack hit Australia’s largest pension funds, compromising over 20,000 accounts. Hackers targeted retirees for fraud, exploiting weak authentication. The breach exposed major gaps in super fund security and shook public trust in the $3.5T industry.
