Lockbit announced a massive ransomware operation, this time infiltrating 8 targets at once across 3 countries. USA, Belgium, and Germany were on the menu.
Lockbit is currently in full recovery mode after a failed FBI operation that led law enforcement agencies to seize the organization’s website. The FBI worked in conjunction with their UK counterparts during Operation Cronos to infiltrate and destroy Lockbit.
It appeared to work for a while, as the group’s website bore the FBI’s message stating that the website was locked. However, it didn’t last long, as Lockbit reemerged fairly soon. Not only that, but their very first operation was against the FBI itself.
Since then, the organization appears to conduct business as usual, totally unaffected by the FBI’s intervention. It also doesn’t appear concerned about the attention it’s getting from the most powerful law enforcement agencies in the world.
However, this is rather typical powerplay. While the FBI, often in conjunction with CISA, has dissolved several ransomware and DDoS entities, they haven’t managed to eradicate them completely. That’s because of the plan B.
All cybercriminal gangs have a plan B in place, which often revolves around redistributing their assets, systems, tools, and manpower to other actors. Or simply rebranding themselves to throw their pursuers off the track.
It appears it is. Most have hoped that the FBI’s operation has finally put an end to Lockbit’s reign, but that doesn’t seem to be the case. Not only that Lockbit bounced back within weeks after the FBI’s announcement, but they moved on to the next phase too.
While this was worrying, it wasn’t as worrying as what the FBI uncovered during the Cronos operation. According to the initial reports, it seems like Lockbit is preparing to release their 4.0 version.
Not only that, but it seems like the 4.0 version is already in late-stage development. This explains how the ransomware ring was able to overcome FBI’s attack so easily. Such a news is enough to put everyone on guard and for good reasons.
Lockbit’s most recent operation appears to be a grim omen of what’s to come. The organization has been unusually active since its comeback, conducting extensive ransomware operations with multiple victims at once.
This adds to the fact that Lockbit already ranks as the most dangerous and prolific ransomware ring in the world. The FBI recorded over 2,000 victims and upwards of $121 million in ransom revenue since the group’s inception.
This shows that Lockbit is here to stay and is already getting ready for their 4.0 release. Which should be a massive update by all metrics if we consider the difference between 2.0 and 3.0.
We believe security online security matters and its our mission to make it a safer place.