The LockBit ransomware group has resurfaced after being taken down by law enforcement

The threat actors behind LockBit ransomware have resurfaced on the dark web using new infrastructure, listing 12 new victims as of writing.The administrator behind LockBit said some of their websites were confiscated by most likely exploiting a critical PHP flaw tracked as CVE-2023-3824, acknowledging that they didn’t update PHP due to “personal negligence and irresponsibility”.The group claimed the FBI “hacked” their infrastructure because of a ransomware attack on Fulton County in January and the stolen documents contained “a lot of interesting things” and Donald Trump’s court cases that could affect the upcoming U.S. election.It took 4 days to recover because the source code for the latest version of PHP was incompatible. The FBI will not get a single decryptor for free.
Russia Arrests Three SugarLocker Members
The attackers posted ads for hiring new employees on the website of a legitimate IT firm, and developed custom malware, phishing sites, and drove user traffic to fraudulent schemes.
The arrest of Ermakov is notable, as it comes in the wake of financial sanctions imposed by Australia, the U.K., and the U.S. against him for his alleged role in the 2022 ransomware attack against health insurance provider Medibank.
Update
Security firm RedSense said the rest of the victims are fake claims. They should delete all other entries from their blog.
LockBit Saga — Timeline of Events
LockBit, a ransomware group that has extorted over $91 million since 2019, was busted by an international law enforcement operation. The operation used a PHP security flaw to disrupt LockBit’s websites, marking a significant blow to the group’s activities. Law enforcement disrupted LockBit, arresting affiliates and seizing assets. LockBit remains a significant cyber threat despite setbacks, and has listed 12 new victims on its data leak portal.