Image Credit: adp.com
In a surprising turn of events, the notorious cybercrime group Lockbit, known for its use of ransomware to extort victims, claims to be operational again following a recent international takedown effort by law enforcement agencies.
Earlier in February, a coordinated operation led by the United Kingdom’s National Crime Agency (NCA) targeted Lockbit. This unprecedented effort resulted in arrests, indictments, and the seizure of the group’s infrastructure, effectively taking them offline.
However, in a recent statement, Lockbit asserts that they have restored their servers and are back in business. They claim their “backup blogs,” which are believed to be alternative platforms for leaking stolen data from victims, were unaffected by the takedown due to their use of a different programming language. This statement, posted on a newly established dark website, further asserts that stolen data leaks will continue.
The NCA, however, disputes Lockbit’s claims. They maintain that the group remains “completely compromised” and emphasize their ongoing efforts to disrupt Lockbit’s activities. Additionally, they acknowledge the possibility of the group attempting to rebuild and regroup, highlighting the vast amount of intelligence gathered about Lockbit and its associates.
While the group claims partial functionality, the effectiveness of the police operation and the extent of Lockbit’s capabilities are still under investigation. Cybersecurity experts continue to advise organizations to remain vigilant and implement robust defenses against the ever-present threat of ransomware attacks.
