On the 20th of February this year, a coalition of international law enforcement agencies disrupted LockBit - a prolific ransomware group involved in several recent cyber incidents, such as the DP World hack and Citrix Bleed Vulnerability.
The action was hailed as a major win for cyber security institutions around the world as LockBit had become increasingly prolific in recent years, supplying ransomware as a service.
However, just 6 days later LockBit resurfaced on the darkweb and launched a new site shortly after a recent global law enforcement effort dismantled their infrastructure.
Despite the takedown, the group's leader posted a message and re-listed alleged victim organisations on the new site.
However, it appears that most, if not all, of the victims listed on the new site were targeted before the law enforcement takedown, suggesting that authorities may be able to provide decryptors for these victims. The FBI has not yet commented on the situation.
LockBit Takedown Still A Big Win
But it’s not all bad news, the takedown is still regarded as a major win for law enforcement and cyber security agencies with Emsisoft threat analyst Brett Callow stating:
“This doesn’t mean the disruption was a failure,” - “The fact is that LockBit, as a brand, is probably dead. It’s unlikely that anybody would trust an operation that was so completely compromised.”
According to The Hacker News, LockBit may already be in damage control having removed EquiLend and Ernest Healthcare from its data leak site as of February 29 2024, a promising sign for organisations globally.
“Bottom line: this was a very big win for the good guys. That said, this does highlight the challenges law enforcement face,” - “Some groups have cockroach-like resilience and permanently taking them out of action is far from easy.” - Brett Callow