CyberSecurity SEE

LockBit Admins Hint at a New Ransomware Version

LockBit Admins Hint at a New Ransomware Version

LockBit, a notorious ransomware group that was taken down in February 2024, seems to be gearing up for a comeback. On December 19, LockBitSupp, the group’s alleged administrators, announced plans to launch a new version of their ransomware, LockBit 4.0. The announcement, posted on their website, included enticing language like “Want a Lamborghini, Ferrari and lots of titty girls? Sign up and start your pentester billionaire journey in 5 minutes with us.”

LockBitSupp also provided a website, lockbit4[dot]com, along with five TOR sites and a release date of February 3, 2025. This move suggests that LockBit is strengthening its infrastructure to enhance their operations. Cyber Threat Intelligence Academy commented on social media that the inclusion of multiple onion links indicates LockBit’s commitment to expanding its reach.

In a surprising turn of events, Vx-Underground, a group of security researchers, revealed that LockBitSupp has granted them access to the program, shared code samples, and is actively reverse-engineering them. Additionally, Zscaler ThreatLabz announced that they have added the LockBit 4.0 ransom note to their repository of ransom notes.

This attempt at a resurgence comes almost a year after a significant portion of LockBit’s infrastructure was dismantled during a global law enforcement raid known as Operation Cronos. However, despite this setback, LockBit was still ranked as the most active threat actor in May and the second-most active in July. It is worth noting that some of this activity may have been driven by other groups using leaked builder kits. In contrast, LockBit did not feature in the top ten most active threat actors in October and November.

Furthermore, on the same day as LockBit’s announcement, Israeli news outlet Ynet reported that the US is seeking the extradition of Rostislav Panev, an Israeli national allegedly linked to LockBit. Panev is accused of working as a software developer for the ransomware group between 2019 and 2024, during which he allegedly earned $230,000 primarily through cryptocurrency transactions. Law enforcement agencies reportedly found digital wallets and ransom templates linked to these payments during searches at Panev’s residence. According to Panev’s lawyer, Sharon Nahari, Panev denies any involvement in the alleged criminal activities.

While the US Department of Justice initially released a statement regarding Panev’s extradition, the statement is no longer accessible on their website. These developments indicate that LockBit is poised to make a comeback, despite previous setbacks, and law enforcement agencies are actively pursuing individuals associated with the group to face legal consequences. It remains to be seen how LockBit’s resurrection will impact the cybersecurity landscape moving forward.

Source link

Exit mobile version