The upcoming release of LockBit 4.0 by the LockBit ransomware group in February 2025 has been reported by Cyble dark web researchers. This launch comes almost a year after a global law enforcement operation disrupted the group’s operations, resulting in the recovery of nearly 7,000 decryption keys. Since then, the RansomHub group has emerged as one of the most active ransomware groups in operation.
The announcement of LockBit’s comeback was shared by the group, enticing potential recruits with promises of wealth and luxury. However, the true test lies in whether LockBit can successfully reestablish itself in the ransomware landscape following the setbacks it has faced.
With over two years passing since the release of LockBit 3.0 and ongoing developments on LockBit 4.0, concerns have been raised about potential law enforcement access to source code and the need for significant changes to counter such threats. Cyble researchers have expressed uncertainty about LockBit’s ability to regain prominence, especially with the increasing competition from other Ransomware-as-a-Service (RaaS) groups such as RansomHub.
LockBit’s official release date for the 4.0 RaaS program is set for February 3, 2025, with keys provided for accessing their dark leak site (DLS). The RaaS model has gained traction among ransomware groups, offering tools and infrastructure in exchange for a share of profits. However, LockBit faces challenges from leaked source code versions of its ransomware, which could hinder its comeback efforts.
Threat researchers are monitoring the situation closely to see if LockBit modifies its targets or regions to evade law enforcement scrutiny. A 2022 attack on the Toronto Hospital for Sick Children received backlash and prompted LockBit to issue an apology along with a free decryptor.
Overall, the cybersecurity landscape continues to evolve, with ransomware groups adapting and competing in the dark web realm. The launch of LockBit 4.0 marks a significant development in this ongoing battle for control and dominance. Only time will tell if LockBit can rise once again or if other groups will continue to dominate the ransomware scene.