Recent law enforcement action saw several LockBit sites resurrected, with the stated announcement that more details would be revealed about LockBit admin LockBitSupps, gang members and affiliates of the group.
As part of the action, at least three former LockBit leak sites were brought back as part of the recent effort. The sites additionally state that the seized domains are set to shut down again within 4 days.
LockBit Sites Resurrected Were Seized Earlier by Law Enforcement
The sites were brought down earlier as part of the joint-sequence Operation Cronos from, where 10 countries took action to disrupt LockBit’s infrastructure facilities within in the United States and abroad.
The group said law enforcement had hacked its former dark web site using a vulnerability in the PHP programming language, which is widely used to build websites.
The resurrected site suggests that law enforcement personnel have obtained further access to details involving LockBit affiliates and the ransomware group’s admin LockBitSupp while investigating the group’s back-end systems.
During the earlier operation, law enforcement also claimed to be aware of personal details involving LockBitSupp, claiming to know where he lives and that he had engaged with law enforcement.
As indicated by the site, the agencies responsible for the recent action will likely issue official press statements. The agencies re-affirmed its commitment to supporting ransomware victims worldwide and encouraged individuals and organizations to report incidents to law enforcement.
LockBit Claimed Responsibility for Recent String of Attacks
Despite the earlier disruptions and seizures, LockBit continued to claim responsibility for several recent attacks including an attack on Cannes Hospital. The attack forced the hospital to take down its computer systems and switch to traditional pen and paper or manual systems to continue to support patients.
Following the hospital’s refusal to surrender to ransom demands, the group had allegedly published medical and personal data, including ID cards, health sheets and pay slips.
However, the extent and scale of the ransomware group’s operations remains much lower than observed in the past year. It is unknown what effect the current action might have on the group’s operations as both law enforcement and the ransomware group as well as it’s affiliates remain persistent with their efforts.