Beware Feb. 3, 2025Diabolic Ransomware Gang Issues New Attack Warning
LockBit warn they will be back, on Feb. 3, 2025gettyUpdate, Dec. 21, 2024: This story, originally published Dec. 20, now includes news of criminal charges filed against the suspected developer of the LockBit ransomware by the U.S. Department of Justice.If you thought law enforcement had not only disrupted the LockBit ransomware operation, alongside trolling the criminal gang behind it but taken it out of business altogether, then you are likely in for a shock: LockBitSupp, the groups alleged leader, has warned LockBit 4 will return next year. In fact, a dark web posting said the new ransomware attacks would launch on Feb. 3, 2025, to be precise. Heres what we know.The LockBit 4 Ransomware ResurgenceAs news of a new variant of NotLockBit ransomware targeting Windows and Mac users breaks, it looks like the original threat that the new group imitates is about to rise phoenix-like from the FBI takedowns earlier this year.A dark web posting, apparently from the administrator of the LockBit ransomware group, has teased the launch of a new version of the threat by posing the question: Want a Lamborghini, Ferrari and lots of titty girls? Sign up and start your pentester billionaire journey in 5 minutes with us. It is understood that a new leak website has been prepared for launch, along with a total of five anonymous TOR sites: the official release date for the latest version is cited as Feb. 3, 2025.MORE FOR YOUWhat You Need To Know About The LockBit Ransomware Attack ThreatLockBits activity has fluctuated month-on-month in 2024 following its takedown in February, Matt Hull, global head of threat intelligence at cyber security giant NCC Group, said. However, LockBit remained the most active ransomware threat actor in May 2024, responsible for 37% of all attacks, according to NCC Group data. In July 2024, LockBit 3.0 was also the second most prolific threat actor, Hull said. That burst of activity appears to have been short-lived, with the group not appearing in the top ten most active threat actors during October and November.LockBit operates on a Ransomware-as-a-Service affiliate model, with their particular structure providing affiliate groups with a central control panel to create their own LockBit samples, manage their victims, publish blog posts, and view statistics regarding their success rates for each attack, Hull said. RaaS models operate in a pseudo-organizational hierarchy, where the operators of the ransomware variant will get a percentage cut of each successful ransomware attack carried out by their affiliates, Hull said, thus minimizing the risk that the operators take on with each campaign.Like most other current ransomware actors, the LockBit threat deploys a double-extortion methodology of file encryption and sensitive data exfiltration. That data is subsequently posted on their leak site where interested buyers can now pay for access to the data, a timer extension, or even the datas deletion, Hull said, unless the ransom is paid, of course.Suspected LockBit Ransomware Coder Charged By U.S. Department Of JusticeRostislav Panev, a 51-year-old with Russian and Israeli citizenship, has been charged by the U.S. Department of Justice on suspicion of being involved ins the development of the LockBit ransomware family malware. The newly unsealed U.S. District Court, District of New Jersey, criminal complaint, charges Panev with conspiracy to commit fraud and related activity in connection with computers. That activity being the development, specifically, of the LockBit ransomware encryptors as well as one of the custom tools used in LockBit ransomware attacks known as StealBit. According to a Bleeping Computer report, Panev was arrested on Aug 18, 2024 in Israel where he remains in custody while a request for his extradition to the U.S. is processed.In the criminal complaint, Jacob A. Walker, a Special Agent with the Federal Bureau of Investigation, stated that Panev has provided coding and development services to the LockBit ransomware group since at least as early as in or around January 2022 and has received at least as much as approximately $230,000 in cryptocurrency transfers from the LockBit group during that time. Panev went on to state that On May 2, 2024, a grand jury in the District of New Jersey indicted a Russian national, Dmitry Yuryevich Khoroshev, on 26 criminal counts based on Khoroshevs alleged role as the creator and primary developer and administrator of the LockBit group. The criminal complaint said that, while Khoroshev remains a fugitive, U.S. authorities believe that Panev was subordinate to Khoroshev in the LockBit group.Mitigation Methods For Incoming Ransomware AttacksAccording To The FBIWith ransomware-as-a-service and double-extortion ransom tactics on the increase, the Federal Bureau Of Investigation has warned users to be alert to the risk and provided a number of recommended mitigation methods. The FBI said that organizations should enact three mitigating strategies immediately:Install updates for operating systems, software and firmware as soon as they are released.Require phishing-resistant, non SMS-based multi-factor authentication.Educate users to both recognize and report phishing attempts.