LockBit resurfaced days after a global takedown, relaunching on the dark web. While the group's return underscores the difficulty of permanent disruption, experts still view the takedown as a major win for law enforcement.
On the 20th of February this year, a coalition of international law enforcement agencies disrupted LockBit - a prolific ransomware group involved in several recent cyber incidents, such as the DP World hack and Citrix Bleed Vulnerability.
The action was hailed as a major win for cyber security institutions around the world as LockBit had become increasingly prolific in recent years, supplying ransomware as a service.
However, just 6 days later LockBit resurfaced on the darkweb and launched a new site shortly after a recent global law enforcement effort dismantled their infrastructure.
Despite the takedown, the group's leader posted a message and re-listed alleged victim organisations on the new site.
However, it appears that most, if not all, of the victims listed on the new site were targeted before the law enforcement takedown, suggesting that authorities may be able to provide decryptors for these victims. The FBI has not yet commented on the situation.
But it’s not all bad news, the takedown is still regarded as a major win for law enforcement and cyber security agencies with Emsisoft threat analyst Brett Callow stating:
“This doesn’t mean the disruption was a failure,” - “The fact is that LockBit, as a brand, is probably dead. It’s unlikely that anybody would trust an operation that was so completely compromised.”
According to The Hacker News, LockBit may already be in damage control having removed EquiLend and Ernest Healthcare from its data leak site as of February 29 2024, a promising sign for organisations globally.
“Bottom line: this was a very big win for the good guys. That said, this does highlight the challenges law enforcement face,” - “Some groups have cockroach-like resilience and permanently taking them out of action is far from easy.” - Brett Callow
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
This week, the cybersecurity world is in turmoil following a massive data breach at National Public Data. The breach, involving 2.9 billion records, has exposed sensitive information spanning decades.
A major cyberattack that led to a significant Microsoft Azure outage, a high-stakes prisoner swap involving Russian cybercriminals and U.S. journalists, and Google's urgent patching of an Android zero-day vulnerability.
We cover the extensive supply chain disruptions affecting logistics, airlines, and transport worldwide. Additionally, we examine the financial impact on CrowdStrike’s stock price and the ensuing reactions from financial markets and analysts.
