March 1, 2024 by Cybersixgill IQ

LockBit Ransomware Group's Re-emergence: Immediate Threats and Organizational Awareness



Following the recent international takedown operation of the LockBit ransomware group, a new dark web message from LockBit's leader, known as LockBitSupp, has raised concerns about the group's re-emergence. This article will provide an overview of the immediate threats posed by LockBitSupp and highlight key points that organizations should be aware of to protect themselves.

Re-emergence of LockBitSupp

LockBitSupp, the leader of the LockBit ransomware group, has issued a lengthy message on a new dark web site, signaling the group's intention to continue its criminal activities. LockBitSupp discredited the recent takedown operation, claiming that LockBit was compromised due to its own negligence in patching. The criminal leader also made threats and promises of return, indicating that the group remains a significant threat in the ransomware landscape.

LockBitSupp, associated with the criminal adversary BITWISE SPIDER from Russia, is responsible for the development of LockBit ransomware and the StealBit information stealer. The recent takedown operation disrupted LockBit's criminal network infrastructure and resulted in the arrest of two of its members. However, LockBitSupp has now issued a message on a new dark web site, indicating their intention to continue their criminal activities.

Immediate Threats to Organizations:

  • Targeting Government Infrastructures: LockBitSupp specifically mentioned targeting government infrastructures, with a focus on the FBI. This poses a significant threat to government agencies and critical infrastructure sectors, as LockBit has a history of launching large-scale ransomware attacks.

  • Psychological Manipulation: LockBitSupp's messaging aims to erode trust among cybercriminals and create doubt and suspicion within the cybercrime community. This tactic could lead to disruptions in LockBit's operations and provoke a response from its leader, potentially resulting in increased cyberattacks.

  • Potential Collaboration with Law Enforcement: Authorities have hinted at having information about LockBitSupp's identity and engagement with law enforcement. This could indicate that LockBitSupp is either an informant or that law enforcement has infiltrated the group's inner circle. Such collaboration could lead to the exposure of sensitive information and further disruptions to LockBit's operations.

Organizational Awareness:

  • Patching and Vulnerability Management: LockBitSupp's claim that LockBit was compromised due to patching negligence serves as a reminder for organizations to prioritize regular patching and vulnerability management. Keeping software and systems up to date can help prevent exploitation by ransomware groups.

  • Enhanced Cybersecurity Measures: Organizations should strengthen their cybersecurity measures to protect against ransomware attacks. This includes implementing robust endpoint protection, network segmentation, multi-factor authentication, and regular data backups. Additionally, conducting regular security assessments and employee training on phishing and social engineering can help mitigate risks.

  • Collaboration with Law Enforcement: Organizations should establish strong partnerships with law enforcement agencies and report any suspicious activities or incidents promptly. Sharing threat intelligence and collaborating with authorities can aid in the fight against ransomware groups like LockBit and contribute to disrupting their operations.

  • Incident Response and Business Continuity Planning: Developing and testing an incident response plan and business continuity strategy is crucial for organizations to minimize the impact of a ransomware attack. This includes having backups stored offline, establishing communication channels, and training employees on incident response procedures.

Cybersixgill customers can access the complete tables of IOCs detected for the ransomware group LockBitSupp in the following links: 

Stay informed and gain valuable insights on Operation Cronos and the LockBit seizure with our exclusive e-guide, revealing the full story and its impact on the cybercriminal underground.

This article was created using Cybersixgill IQ, our generative AI capability that supports teams with instant report writing, simplifies complex threat data and provides 24/7 assistance, transforming cybersecurity for every industry and every individual, at every level.
