LockBit ransomware officially returns — hackers hit back with new attacks following apparent shutdown

The publication also confirmed that LockBit’s negotiation server is up and running again, but works only for new victims, the ones infected after Operation Cronos. 

Affecting the elections

The news comes weeks after the UK’s National Crime Agency (NCA), together with a team of international partners, broke into the infrastructure of one of the largest ransomware operations in the world. It managed to obtain decryptors, plenty of data stolen from different victims, as well as a list of almost 200 LockBit affiliates. To add insult to injury, the NCA also defaced LockBit’s data leak site and left a message to its visitors, ending with “Have a nice day.”

Soon after the operation, LockBit’s owners came forward to state that the law enforcement broke into the servers thanks to a bug in the PHP, and due to the fact that they were lazy after “swimming in money” for five years. They promised improvements to the infrastructure to make it more resilient, and further promised more attacks against government institutions, in retaliation.

They also claimed to have been a target because of the data they stole from Fulton County earlier this year. Allegedly, the data stolen there contains sensitive information regarding the court cases against Donald Trump which, if leaked, “could affect the upcoming US election,” they said.

When the NCA first took down LockBit’s infrastructure, it made no arrests. Without detainments, it was only a matter of time before the threat actors bounced back.

More from TechRadar Pro

• Unsurprisingly, LockBit ransomware crew has returned
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now