Companies and government agencies around the world let out a sigh of relief after police carried out Operation Chronus to dismantle the infamous LockBit ransomware gang.
The only problem? After a few days of being taken down, it’s back and ready to start attacks once more.
It doesn’t come as a surprise to law enforcement agencies; for years the group operated as dregs slithering through the shadows, extorting its victims while profiting to the tune of over $120 million. It’s no surprise they didn’t give it up after losing a few websites and their stolen data.
The member of the group who handles administrative tasks and goes by the name LockBitSupp posted an explanation of what happened from their perspective on the new LockBit forums.
“At 20:47 I found that the (LockBit) site gives a new 404 error.”
They stated the group was compromised due to “personal negligence and irresponsibility.” Their security software hadn’t been updated to the newest PHP version, leaving them exposed to an infiltration campaign.
Ironically, infiltrating software through blatant vulnerabilities is the LockBit gang’s MO.
One interesting part of the post is when they explain that the authorities took down their websites just as they were about to release extremely sensitive information regarding the Fulton County, Georgia Trump case.
Recently, the gang launched a devastating attack on the Fulton County Courthouse. They encrypted and stole data related to the Trump trial and attempted to ransom it back to the court. The ransom was never paid.
As the group attempted to release the stolen information since they weren’t getting their money, their systems were taken offline. Strangely, the poster states “Personally, I will vote for Trump.”
Law enforcement agencies around the world believe the hacking group Russian state-sponsored, not sponsored by the US. Pretending to be a US citizen to push propaganda that sways voters is a widely used tactic of Russian propaganda campaigns.