Lockbit Operates Again After International Police Ambush

Illustration of data leaked on the Lockbit website. (photo: x @Mr.RajputHacker)

JAKARTA - Lockbit, a cyber crime gang that was blocked online by a comprehensive international police operation earlier this month, announced that it had restored their servers and resumed operations.

The group is well-known in the internet criminal underground world for using malicious software called ransomware to extort its digital victims. They are the target of an unprecedented international law enforcement operation last week that led to their members being arrested and charged.

The Lockbit website itself is used by police to mock its leaders, and last Friday, February 23, police said its leader "Lockbit Supp" was working with law enforcement, without providing an explanation.

In a long and convoluted statement dated Saturday, February 24, the group said law enforcement had hacked the Lockbit darkweb site where the gang leaked stolen data from their victims using vulnerabilities in the PHP programming language, which is widely used to build websites and online applications.

"All other servers with a backup blog that does not have an installed PHP are unaffected and will continue to provide data stolen from the company being attacked," the statement said, posted in English and Russian in a new version of Lockbit's darkweb site.

A spokesman for the UK National Crime Agency, which is leading international efforts to seize Lockbit's operations, said the group was "completely disrupted".

"We recognize Lockbit is likely to try to reunite and rebuild their systems. However, we have gathered a lot of intelligence about them and those associated with them, and our job of targeting and disrupting them continues," the NCA said on Monday, February 26.

The new Lockbit darkweb site features a company name gallery, each equipped with a countdown clock that marks a time limit in which the company is required to pay the ransom.

"They wanted to scare me because they couldn't find and get rid of me, I couldn't stop," said the statement, which was presented as part of a fake leak from the FBI.

Last Tuesday, the US announced that it had accused two Russians of using Lockbit ransomware against companies and groups around the world.

Police in Poland made arrests, and in Ukraine, national and French police arrested a father-son duo they said carried out an attack using Lockbit's malicious software.

This operation is widely considered by cybersecurity experts as an attempt to tarnish Lockbit's reputation among its "affiliated" criminal groups that use Lockbit tools to carry out ransomware attacks.