Type to search

Lockbit Cybercrime Gang Claims It’s Up And Running Again

The notorious ransomware group was the target of an international law enforcement bust last week but now says it is back online

A screenshot taken on February 19, 2024 shows a take down notice that a group of global intelligence agencies issued to a dark web site called Lockbit (Handout via Reuters).


Lockbit, the cybercrime gang that a major international police operation pulled the plug on earlier this month, claims it has restored its servers and is back online.

The group, notorious among the internet’s criminal underground for using malicious software called ransomware to digitally extort victims, was the target of an unprecedented international law enforcement team-up last week which saw its members arrested and indicted.

Lockbit’s own website was used by police to taunt its ringleaders, and last Friday police said its leader “LockbitSupp” was cooperating with law enforcement, without elaborating.


Also on AF: China Warns Market Rule-Breakers: ‘We Will Punish You’


In a lengthy, rambling statement dated Saturday, the group said law enforcement had hacked Lockbit’s darkweb site – where the gang leaks data stolen from its victims – using a vulnerability in the PHP programming language, which is widely used to build websites and online applications.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement, which was posted in English and Russian on a new version of Lockbit’s darkweb site.

A spokesperson for Britain’s National Crime Agency, which led the international effort to seize Lockbit’s operations, said the group “remains completely compromised”.

“We recognised Lockbit would likely attempt to regroup and rebuild their systems. However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues,” the NCA said on Monday.


Russian Nationals Arrested

The new Lockbit darkweb site showed a gallery of company names, each attached to a countdown clock marking the deadline within which that company was required to pay ransom.

“They want to scare me because they cannot find and eliminate me, I cannot be stopped,” said the statement, which was presented as part of a mock-up leak from the FBI.

Last Tuesday the US announced it had charged two Russian nationals with deploying Lockbit ransomware against companies and groups around the world.

Police in Poland made an arrest, and in Ukraine, national and French police arrested a father-son duo they said carried out attacks using Lockbit’s malicious software.

The operation was widely seen by cybersecurity experts as designed to discredit Lockbit’s standing amongst its “affiliates” – the criminal groups which use Lockbit’s tools to carry out ransomware attacks.


  • Reuters with additional editing by Sean O’Meara


Read more:

Russians Named as West Smashes Lockbit Ransomware Gang

China Plan to Train 45,000 Firms in Hacker Protection Measures

China Facing a WikiLeaks-Style Crisis From Hacking Firm’s Data

AI Chiefs Say Deepfakes a Threat to World, Call For Regulation

Fake Chinese Accounts Flourish on X, Analysis Shows – WaPo



Sean O'Meara

Sean O'Meara is an Editor at Asia Financial. He has been a newspaper man for more than 30 years, working at local, regional and national titles in the UK as a writer, sub-editor, page designer and print editor. A football, cricket and rugby fan, he has a particular interest in sports finance.


AF China Bond