LockBit claims it’s back in action just days after an international law enforcement effort seized the ransomware gang’s servers and websites, and retrieved more than 1,000 decryption keys to assist victims.
The crew’s latest leak site, which debuted on Saturday, listed more than a dozen alleged victims including the FBI itself, hospitals and Georgia’s Fulton County, which is still struggling to recover from the intrusion that disrupted its phone, email and other IT systems in late January.
LockBit claimed to be responsible for the Fulton County break-in before the UK’s National Crime Agency (NCA) and US FBI took down its infrastructure last week. The Georgia county, however, has reappeared on the crew’s Tor site, with a countdown clock set to expire on March 2 unless government officials pay the ransom demand.
The criminal gang claims to have a trove of Fulton confidential data such as the identities of jurors serving on a murder trial that “could put lives at risk and jeopardize a number of other criminal trials,” according to Krebs on Security.
Fulton County did not immediately respond to The Register‘s request for comment.
After confiscating LockBit’s infrastructure on February 20, arresting members of the ransomware gang and using its website to leak secrets about the crew’s operations, law enforcement promised its big reveal would happen on Friday with the identity of LockBitSupp, the group’s public spokesperson.
That turned out to be a big dud, and on Saturday LockBitSupp posed a long, rambling response to the FBI, later clarifying that by “FBI,” they mean all law enforcement, and continuing to taunt the federal cops:
“I am very pleased that the FBI has cheered me up, energized me and made me get away from entertainment and spending money, it is very hard to sit at the computer with hundreds of millions of dollars, the only thing that motivates me to work is strong competitors and the FBI, there is a sporting interest and desire to compete,” LockBitSupp opined.
The character also claimed that Operation Cronos hacked the gang’s servers by exploiting a PHP vulnerability: “Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time.”
The site admin also alleges that law enforcement breached LockBit to prevent the release of stolen documents containing “a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”
Additionally, LockBitSupp claims the decryptors seized “are of little use,” and says there were almost 20,000 on the hacked server, “most of which were protected and cannot be used by the FBI.” ®