LockBit 4.0: a new encryptor from the defeated ransomware group

Teacher

How will the latest attempts of hackers to revive their evil empire turn out?

Recently, we reported that the infrastructure of the LockBit hacker group, widely known for its ransomware attacks, was taken down as a result of Operation Cronos, conducted by the British authorities. This event was a significant blow to the activities of LockBit, which has long remained one of the leading players in the field of cybercrime.

In fact, the group has not been doing very well for a long time. Over the past year, LockBit has faced a series of challenges: organizational disputes, leaks of internal tools, uncoordinated attacks, deception of victims, and the actions of competitors who used leaked tools to create copycat malicious operations.

All these events have undermined the credibility of LockBit among affiliates and even the victims themselves, making it significantly harder for the group to expand and to maintain the breakneck pace at which it has long carried out its attacks.

However, although the LockBit infrastructure is now almost completely eliminated and law enforcement officers are successfully arresting former participants, the most loyal remaining hackers are not sitting idly by. They are already developing new malware that could help the group recover and be reborn from the ashes, like a phoenix.

Recently, Trend Micro specialists discovered a new piece of software from LockBit, tracked by researchers as LockBit-NG-Dev. It may serve as the basis for the next version of the group's malware, LockBit 4.0.

The new version of the group's proprietary encryptor was developed on .NET and compiled using CoreRT, which makes it more versatile and less platform-specific. This may indicate that the group is trying to expand its capabilities to attack a variety of systems. By the way, just today we wrote that despite the elimination of their infrastructure, hackers are still conducting cyber attacks.

Unlike previous versions, LockBit-NG-Dev lost the ability to self-propagate, which was typical for early implementations of LockBit. This change may indicate the group's desire to improve its own control over the spread of malware and avoid unwanted attention from security services.

In addition, the new version includes mechanisms for finer tuning of attacks, which is likely to allow affiliates to manage the process of encrypting victims' data and negotiating ransoms more effectively.

Given the significant changes in the new version of the software and the efforts made to eliminate previous shortcomings, there is reason to believe that LockBit has a chance to restore its position in the cybercrime market.

However, the question of whether the group will be able to fully restore its reputation and regain its former greatness remains open. The effectiveness of the new software, as well as the group's ability to resist law enforcement and interact productively with affiliates, will be key factors determining their future in the cybercrime world.