The LockBit ransomware group is threatening to release stolen Fulton County Court documents related to Donald Trump's case unless a ransom is paid, claiming the files contain information that could impact the upcoming U.S. election. This comes shortly after the FBI's takedown of LockBit's infrastructure, with the group's leader suggesting the move was politically motivated. The group also endorsed Donald Trump for President and threatened further attacks on the government sector.
The LockBit ransomware gang has relaunched its operations on new infrastructure after law enforcement disrupted its servers, threatening to target the government sector more often. The gang admitted that negligence led to the breach and announced plans to enhance security and decentralize affiliate panels. The gang's message appears to be damage control, aiming to restore credibility after the setback.
LockBit ransomware developers were secretly working on a new version of their file-encrypting malware, LockBit-NG-Dev, likely to become LockBit 4.0, before law enforcement took down their infrastructure. The new version, written in .NET and compiled with CoreRT, supports multiple operating systems and includes features such as three encryption modes, custom file exclusion, and a self-delete mechanism. While the new encryptor lacks some features present in previous iterations, its discovery through Operation Cronos is another blow to LockBit operators, making restoring their cybercriminal business a tough challenge.
The United States Department of State has announced reward offers of up to $15 million for information leading to the arrest and/or conviction of individuals involved in LockBit ransomware attacks, as well as for the identification and/or location of key leaders of the LockBit ransomware group. This comes in response to over 2,000 LockBit attacks since January 2020, resulting in costly disruptions and significant ransom payments. The U.S. has also designated two individuals involved in LockBit under Executive Order 13694, and is collaborating with international partners to disrupt the criminal organization. Information can be directed to the FBI through various channels, and the reward is offered under the Department of State’s Transnational Organized Crime Rewards Program.
US and UK authorities have disrupted the LockBit ransomware group, seizing its assets and obtaining decryption keys to help victims regain access to their systems. The US Department of Justice unsealed an indictment against two Russian nationals believed to be responsible for the attacks, and urged victims to reach out to the FBI for potential decryption assistance. The group is accused of targeting over 2,000 victims and extorting more than $120 million in ransom payments, with targets ranging from businesses to government entities.
Law enforcement agencies from 11 countries have disrupted the LockBit ransomware operation in a joint action known as "Operation Cronos," seizing control of the gang's data leak website and affiliate panel. The National Crime Agency of the UK, working with the FBI and international law enforcement, has taken down LockBit's services, including ransom negotiation sites. The gang's victim list includes high-profile organizations such as the UK Royal Mail, the City of Oakland, and Bank of America, with cybersecurity authorities estimating that the gang has extorted at least $91 million from U.S. organizations since 2020.
The LockBit ransomware gang has leaked over 43GB of data stolen from Boeing after the aerospace company refused to pay a ransom. The leaked data includes backups for various systems, with the most recent files dated October 22. LockBit had previously warned Boeing about the data becoming public and threatened to release a sample if the company did not engage in negotiations. The ransomware gang eventually followed through on their threat and published all the stolen data on November 10. LockBit is a long-standing ransomware-as-a-service operation that has targeted numerous organizations globally, extorting approximately $91 million since 2020.