LockBit, a Russian-speaking ransomware operation, announced its return to hacking on Saturday after a recent takedown by law enforcement agencies as part of Operation Cronos. The leader of LockBit, LockBitSupp, posted a lengthy message on the dark web leak site, vowing to continue despite the efforts to dismantle the operation. The FBI reportedly exploited a vulnerability in PHP to penetrate LockBit’s servers, leading to the takedown. The law enforcement agencies involved in Operation Cronos did not reveal the identity of LockBitSupp, which has led to speculation about who he is.
Despite LockBit’s attempts to make a comeback, experts believe that the operation has been seriously damaged by the takedown and that LockBitSupp’s reputation has been permanently affected. The re-established leak site includes victim entries from just before the takedown, including attacks on entities like Fulton County, Georgia. LockBit claims that the FBI may have used a zero-day PHP exploit and only captured a small portion of the decryptors on their server during the takedown.
LockBitSupp is known for exaggeration and erratic behavior, drawing criticism even from within criminal circles. The FBI’s successful takedown of LockBit has caused doubt and fear in the criminal underground, affecting LockBit’s reliability and reputation. While LockBit may attempt to decentralize its administrative panel to make future takedowns harder, experts believe that affiliates will be hesitant to continue working with the operation due to the recent exposure to law enforcement.
The FBI declined to comment on LockBit’s return to hacking, but experts believe that the impact of Operation Cronos will have a lasting effect on LockBit and its leader. LockBitSupp’s attempt to continue hacking after the takedown may be met with skepticism and wariness from affiliates and potential victims. Despite LockBit’s efforts to regain control, the successful takedown by law enforcement has significantly damaged the operation’s reputation and credibility.
