International authorities managed to knock out the Lockbit cybercriminals, but the malware distributed by the group continues to wreak havoc all over the world.
Cut off one head and two grow back immediately afterwards. The Lockbit hydra continues to do damage even after the large-scale operation which allowed international authorities to dismantle a large part of the cybercriminal network. Firms specializing in cybersecurity note that machines continue to be taken hostage by malware from Lockbit’s laboratories.
Lockbit replicas still do damage
In the United States, several hospitals, veterinary offices and government pharmacies are under attack through a flaw in the ScreenConnect software, which is normally used to troubleshoot computers remotely. But more than the attack channel, it is the ransomware installed on victims' machines that suggests traces of Lockbit still persist on the web.
The ransomware looks exactly like the one used by the famous hacker group, which normally only rented its infrastructure and malware to clients, without ever distributing them freely. Could it be that independent operators who belonged to Lockbit are still active?
According to a manager at the cybersecurity firm Huntress, it is in fact a version of the software "stolen" from Lockbit a few months ago. The software resembles a version that a member of Lockbit is said to have leaked around September 2022. This would explain how certain cybercriminals could exploit the software while pretending to be Lockbit, in order to put a little more pressure on the victims.
This is not the end of Lockbit
According to Sophos X-Ops, another cybersecurity company, aftershocks from the Lockbit earthquake could still be felt, even after the huge police operation earlier this year. The firm compares Lockbit to Conti, another collective of malicious hackers who for years sowed discord on the Internet, even after its supposed closure by the authorities. "It's too early to say whether Lockbit will be as resilient in 2024, but we're entering the seventh week of the year and the group is still widely talked about", warns Sophos X-Ops.
According to the company, these attacks actually come from Lockbit "subsidiaries" "who are still alive and well". Whether they are pockets of resistance made up of members of the hacker group or copycats looking for some easy money, one thing is certain: this isn't the last time the Lockbit name will get people talking.
Source: Sophos X-Ops via Ars Technica