Less than a week after the British police and its international partners took down LockBit infrastructure, the infamous threat actor is back and ready to resume its nefarious operations.
According to BleepingComputer, the ransomwareasaservice operator has set up a new .onion address, which not only lists five new victims and countdown timers for data leaks, but also a message for law enforcement.
The group reportedly created a mockup FBI leak image explaining that the attack was successful not because the police did a great job, but because the group became complacent.
Protecting Donald Trump?
“Because for 5 years of swimming in money I became very lazy,” the notification reads. “Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time.”
Previously, the operators said the NCA only took down servers running PHP, and that backup systems without PHP were not affected. They also added that the chat panels server and the blog server were running PHP 8.1.2, which were vulnerable to CVE20233824, giving the NCA a window of opportunity to move in and disrupt the operation.
The operators also speculated that law enforcement attacked LockBit because the group obtained sensitive information on Donald Trump’s court cases during the attack on Fulton County in January this year. If leaked, the data “could affect the upcoming US election,” they said.
In retaliation, LockBit will attack “the .gov sector more often” and test its capability to fight back.
However, as no arrests were made, it was clear that the group was bound to bounce back sooner or later.