LockBit is back: the group administrator named the reason for the compromise of the darknet infrastructure

Hackers thank the FBI for the "free pentest" and urge them to conduct it more often.

On the darknet, the operation to distribute the LockBit ransomware has once again intensified, just a few days after international law enforcement agencies took control of its infrastructure.

LockBit moved its data leak portal to a new onion address on the Tor network and published information about 12 new victims. The administrator of the criminal network, also known by the pseudonym "LockbitSupp", admitted in a detailed message that some of the group's websites were seized by law enforcement officers, probably due to the exploitation of the critical PHP vulnerability CVE-2023-3824 by state hackers.

LockbitSupp noted its own personal negligence, irresponsibility, and banal laziness as the reason why PHP was not updated to a secure version.

In addition, the report indicated that the FBI and agency partners from other countries hacked the LockBit infrastructure in response to a ransomware attack on the American city of Fulton in January, as the documents stolen there allegedly contained important information, including data on Donald Trump's court cases that could affect the upcoming US elections.

The administrator also sees nothing fundamentally wrong with the fact that the LockBit infrastructure was hacked, because law enforcement officers allowed him to detect vulnerabilities in this infrastructure by conducting a kind of "free pentest". Moreover, the LockBit administrator encourages affiliates to attack the US public sector more often in order to provoke a response even more often and "get stronger".

In its appeal, LockbitSupp also stated that it had never cooperated with law enforcement agencies, as stated by British law enforcement officers on the hacked onion portal of the group.

LockbitSupp also explained the four-day delay in restoring work by saying that it was necessary to adapt the platform's source code to the latest version of PHP due to incompatibilities.

In conclusion, he promised to strengthen the protection of his programs and switch to manual mode of issuing decryptors, so that in the event of a new attack, the FBI would not be able to get decryptors for free.

As you can see from the LockbitSupp message, LockBit's activity continues with renewed vigor, and therefore we should expect even more news about new attacks by a well-known extortionist gang in the near future. Apparently, now they will be even more often directed at government agencies in the United States and other countries.
 